Solana Top DeFi Platform, Mango Suffers a $115M Hack
In what has become a series of embarrassing crypto hacks of late coming few days after the Binance Bridge exploit, Mango a top decentralised cross-trading platform quintessential to the Solana ecosystem has been hit with a ~115M hack.
Mango Markets offers spot margin and leverage trading of crypto assets (perpetual futures). The protocol utilises oracles (3rd party entities/data feeds) to get on-chain data of token prices from trusted external sources to execute trades and perform other functions accurately without deviating from the underlying market prices of assets the oracle tracks and reports back to Mango.
The exploit which wiped out Mango's liqudity involved a price manipulation of the oracle data source it's providers (Switchboard & Pyth) relies on to match and execute trades. Mango in its official twitter handle said it's oracle worked as intended but updated and used corrupted (inflated) data of $MNGO prices from FTX and Ascendex exchange.
So What Really Happened?
Data Points/Sources:-
@mangomarkets (twitter)
@osec_io (twitter)
@joshua_j_lim (twitter)
https://trade.mango.markets/account?pubkey=CQvKSNnYtPTZfQRQ5jkHq8q2swJyRsdQLcFcj3EmKFfX
https://trade.mango.markets/account?pubkey=4ND8FVPjUGGjx9VuGFuJefDWpg3THb58c277hbVRnjNa
On-chain data provides possible clues to what actually happened in what appeared to be a well timed and coordinated perp future trades in which the attackers took hedged positions to maximum effect. Let's dive into the hacker(s) trade play.
At 22 19 UTC, the attacker with wallet address (CQvKS...mKFfX) deposits $5mm USDC into Mango Markets as collateral.
S/he then proceeds between 22.24 - 22.25 UTC to open an outsized short MNGO perp positions of 488.302mm units at a taker price of $0.0382/MNGO.
At about the same time, the attacker(s) fund another wallet address (4ND8F....RnjNa) with $5mm USDC as collateral and then proceeds to open long MNGO perp positions to buy the 488.302mm units on the order book.
With both positions hedged about the same time, spot prices of $MNGO on FTX and Ascendex were manipulated by the hackers, resulting in price spikes in the order of 5-10x.
The resulting surge in the CEX who's underlying prices Mango oracles track; fetches, reports and updates pumped token prices to be used/executed for $MNGO trades.
With reported highs of $0.8+ for MNGO/USDC trade pairs, the attackers long position increased in value and thus, earned them huge unrealised profits (P&L) in the process.
This overcollaterized position allowed the hacker(s) to borrow ~ $115mm worth of tokens across $BTC, $Sol, $mSol, $USDC, $USDT, $SRM and $MNGO. This effectively dried up liquidity in the treasury, leaving deficits in an already thin mango pool.
The prices of $MNGO dumped -40% after the market move (manipulation) to $0.02/MNGO. With this net difference, the attackers short position was in profits of ~$11.851mm but with liquidity wiped out, nothing was left for the exploiters to take out fresh loans.
In a dramatic twist few hours after the incident, the hackers initiated/passed a 'Repay Bad Debt' governance proposal making demands to return some of the loot on conditions the protocol will pay the bad debt it left behind and will not pursue cirminal charges against them.
Following the hack, the trading/lending platform at 02.37 UTC froze the program instructions to stop users from depositing funds to prevent further losses.
The team have opened lines of communication with the hackers following their DAO demands (Repay Bad Debt Proposal) in an attempt to recover the drained equity in the protocol and hopefully resolve the issues amicably.
The DAO priorities after limiting further losses and possibly recover some (?) of the stolen funds, plan to build back value into the protocol and make whole Mango depositors who were affected by the exploit.