Hacker steals over $100 million from Mango Markets

Quick Take

  • Mango Markets suffered a $100 million hack.
  • The hacker manipulated the price of the MANGO token which allowed the attacker to steal the funds via a bad debt position.

A hacker stole $100 million from Mango Markets, a trading and lending platform on Solana.

The exploit appeared to be the result of manipulation in the price of Mango Market’s native MANGO token via an oracle price manipulation attack, Mango Markets tweeted. The platform said it's investigating and taking steps to have “third parties freeze funds in flight,” it tweeted.

The attacker first deposited $5 million in USDC to the platform, and then opened an abnormally large long position, according to blockchain security firm Hacken on Twitter. This caused the token price to jump nearly 1000% in less than an hour, which concurrently spiked the collateral value of the attacker’s account.

The attacker then used this manipulated collateral value in their account to borrow a large debt position across multiple coins on Mango Market’s borrowing and lending platform.

Since the price of the token and their collateral was manipulated much higher, they were able to borrow and steal roughly $114 million across various tokens, according to Hacken. 

The price of the MANGO token has dropped roughly 50% in the wake of the attack, according to the Mango Market's price feed.

Mango said it's disabling deposits on the front end to prevent users from using its platform. It also sent out a statement to the attacker, whose wallet was funded from an FTX exchange account, to contact them regarding a bounty for the return of the funds.

Update: This story has been updated with additional details throughout.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.