The decentralized finance (DeFi) protocol Mango, based on the Solana blockchain, was apparently targeted by a hacker attack on Tuesday (11). According to blockchain auditors OtterSec, the exploration is valued at $100 million in assets. That is, around R$ 530 million at the current exchange rate in reais. If the value and exploitation is confirmed, this will be one of the biggest hacking attacks of the year.
As the OtterSec team explained on Twitter, apparently the hacker managed to manipulate the protocol guarantee:
It appears the attacker was able to manipulate their Mango collateral. They temporarily spiked up their collateral value, and then took out massive loans from the Mango treasury. pic.twitter.com/2IJrB9RcEJ
— OtterSec (@osec_io) October 11, 2022
“It appears that the attacker was able to manipulate Mango’s warranty. They temporarily increased their collateral value and then made massive loans from the Mango treasury.”
Mango says it is investigating ‘incident’
The Mango team, in turn, practically confirmed the attack. On its Twitter account, the team said it was investigating the “incident”:
“We are currently investigating an incident where a hacker managed to drain funds from Mango through an oracle price manipulation. We are taking steps to have third parties freeze funds in progress.” wrote.
The team then tweeted that they are disabling deposits on the protocol front end just in case. They also said they will keep the community informed “as the situation evolves” and promised a reward for returning the funds to the hacker:
“If you have any information, please contact [email protected] to discuss a reward for returning funds.”
According to developer known as foobar, the attacker managed to come out with a variety of coins, the largest being USDC and SOL.
About the Mango protocol
Mango is a Solana-based DeFi protocol with nearly BRL 500 million ($94 million) in total blocked value (TVL), according to platform data. DeFi Llama. The protocol’s native token is the MNGO, which saw an unusual price fluctuation during the attack.
Within a few hours, the price of the digital asset went from BRL 0.20 to a peak of BRL 0.46, in an appreciation of 130%. Then the price plummeted to BRL 0.092, an 80% drop, according to data from CoinGecko. Considering the last 24 hours, the token accumulates a negative price change of around 55%.
