The platform’s treasury was depleted of over $100 million worth of cryptocurrencies as a result of an attacker manipulating the native token’s pricing data to make loans against their holdings.
Mango Markets, a decentralized finance (DeFi) exchange situated in Solana, California, has reportedly suffered a theft of over $100 million as a result of an attacker manipulating pricing oracle data and enabling them to obtain uncollateralized cryptocurrency loans.
OtterSec, a blockchain security company, tweeted that the exchange had lost over $100 million as a result of the attacker manipulating the value of its MNGO native token collateral and then taking out “massive loans” from Mango’s treasury.
Soon after, the Mango Markets team tweeted to advise customers not to deposit money until “the situation was more clear” and to get in touch with the attacker to talk about a bug reward.
Later, the team acknowledged the price oracle’s manipulation and declared that it had disabled deposits while looking into the incident. The price oracle is a price data feed that displays the value of the team’s MNGO token.
The funds that were drained were still available on the Solana blockchain as of this writing. Similar situations have led to offending addresses being blacklisted by centralized exchanges like Coinbase, Binance, and Kraken—the only ones with sufficient liquidity to allow someone to withdraw sums this huge.
Mango stated in its initial statement that it was “disabling deposits on the front end” and “taking steps to have third parties freeze funds in flight” as a precaution.
The price of the platforms’ MNGO token dropped as a result of news of the exploit by about 55% in the first hour, according to figures from CoinGecko.