Solana-powered decentralized finance [DeFi] lending protocol Mango Markets recently suffered a massive exploit to the tune of $100 million, where the attacker reportedly manipulated the oracle’s smart contract.
After the team offered a bounty in exchange for the return of the stolen assets, the hacker/s made a proposal on Mango Governance that they would send back those assets but under one condition and that was utilizing $70 million USDC from Mango’s treasury to repay the “Bad debt” within the protocol.
The negotiation agreement also specified that once the tokens are returned, no criminal investigations would be opened.
By voting for this proposal, mango token holders agree to pay this bounty and pay off the bad debt with the treasury, and waive any potential claims against accounts with bad debt, and will not pursue any criminal investigations or freezing of funds once the tokens are sent back as described above.
For the uninitiated, this bad debt is the result of a rescue plan developed by Mango Markets and the competing Solana lending platform Solend for a major Solana whale with $207 million in debt dispersed across several lending platforms.
The whale had once borrowed 88% of the USDC that was available on Solend.
The rescue was put together because of concern that the whale’s bets would be liquidated if the SOL token fell another 20%, which would spread and have a negative influence on the Solana ecosystem.
Solana Exploiter May Have Rigged The Voting Proposal
At the time of writing this post, 32 million “yes” was garnered from the attacker’s proposal. Meanwhile, crypto Twitter is abuzz with the proposal’s absurdity amidst speculations that the voting process has been rigged by the exploiters to favor them.
That being said, online sleuths continue to dig deeper into the exploit. According to the blockchain auditing website OtterSec, the attacker addresses were funded 5.5 million via FTX. Not just Solana oracles, the attacker also appeared to exploit prices across all exchanges.
Mango Markets is a Solana-based platform for trading digital assets on the Sol blockchain for spot margin and trading perpetual futures. The protocol is governed by Mango DAO.
Following the latest incident, its native token MNGO token has shed its value by more than 40% in the last 24 hours.
The team behind the DeFi trading platform later updated that withdrawals are temporarily halted to prevent any further unnecessary losses. “To make sure depositors of the Mango protocol are made whole and to try and salvage some value in Mango DAO and protocol to rebuild from here”, it added.