The proposal has drawn criticism from the public but it still stands a good chance of passing because more than 98% of voting tokens favor the pact, which also states that Mango Markets won’t file any criminal charges.
The Mango Markets community is prepared to reach an agreement with its hacker, letting him keep $47 million as a bug bounty, following a $117 million vulnerability on Oct. 11 according to the decentralized finance (DeFI) protocol governance forum.
According to the suggested agreements, the hacker will keep $47 million while returning 67 million of the stolen tokens. 291 million tokens, or 98% of the voters, supported the agreement, which also states that Mango Markets will not file any criminal charges in the matter.
The decision will probably take place on October 15 now that the threshold has been attained. The suggestion said:
“The funds sent by you and the mango DAO treasury will be used to cover any remaining bad debt in the protocol. All mango depositors will be made whole. By voting for this proposal, mango token holders agree to pay off the bad debt with the treasury, and waive any potential claims against accounts with bad debt, and will not pursue any criminal investigations or freezing of funds once the tokens are sent back as described above.”
A voter who questioned the plan at the governance forum claimed that a $50 million “bug bounty” was absurd and that the “exploiter should get their costs back ($15 million?) plus $10 million.” Mango “can negotiate better than this,” the voter insisted, “especially given that the exploiter is essentially doxed.”
Related: Solana-based decentralized finance platform Mango Market suffers a $100 million exploit
The hacker obtained “massive loans” from Mango’s treasury to carry out the attack after changing the value of the MNGO native token collateral. After stealing the money, the hacker requested payment and posted a request for $70 million on the Mango Market’s decentralized autonomous organization (DAO) forum at the time.
Additionally, the hacker used millions of tokens taken from the attack to support this idea in the vote. The quorum needed for the proposal to pass was attained on October 14. The hacker urges that users who vote in favor of the settlement agree to pay the reward, settle the bad debt with the Treasury, waive all claims against accounts with bad debt, and forego any criminal investigation or money-freezing actions in exchange for the settlement.