Mango Markets community set to approve $47 million deal with hacker

Quick Take

  • The Mango Markets governance forum is on course to pass a vote approving a large bug bounty for the hacker who stole $114 million via the protocol.
  • The vote has now reached quorum and should pass in the morning on Oct. 15.

The Mango Markets community is voting heavily in favor of making a deal with the hacker who stole $114 million from its DeFi protocol.

Under the terms of the offered deal, the hacker will return roughly $67 million of the tokens and keep the remaining $47 million as a bug bounty. The governance vote also states that the project will use treasury funds to write off any remaining bad debt and won’t pursue criminal investigations once the portion of tokens is returned.

It's worth noting that the hacker used $10 million to carry out the attack, so that can be deducted from the effective bounty.

The governance vote has 119 million tokens voting in favor of it and 4.6 million against the deal. The vote has achieved quorum, meaning it will likely pass when the vote ends early on Oct. 15. 

This governance vote was created by the Mango Markets team and the hacker doesn’t appear to have voted on it from the main wallets associated with the attack. Prior to this vote, the hacker had originally created a governance vote and voted on it with 33 million of the stolen tokens.

Per the deal, the hacker would also send back some of the tokens shortly after the vote opened as a “show of good faith.” According to on-chain data, those tokens — worth just shy of $8 million — have been returned.

If the bug bounty is accepted it would be one of the largest bug bounties in crypto history, as noted by The Block Research. That said, it’s unclear whether the agreement will be legally binding in terms of not seeking criminal prosecution.

Mango Markets is a trading and lending platform on Solana. The exploit took place due to manipulation of the price of Mango Market’s native MANGO token. This occurred through the manipulation of blockchain oracles, which provide blockchains with token price data.

The hack was the sixth-largest DeFi exploit in history, falling just behind Cream Finance’s $130 million hack.

Update: This story has been updated to state what the attacker spent on the attack.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.