A new proposal on the Mango Markets DAO forum, authored by the hacker that drained $100 million from the protocol, has proposed that all bad debt on the DeFi platform be used to pay a bug bounty.
On Oct. 12, the hacker posted a proposal titled “Repay bad debt” to the Mango DAO, saying he would send the stolen MSOL, SOL and MNGO tokens to a wallet address belonging to the Mango team. His conditions for doing so were that the Mango team use the bad debt in the Mango treasury – around 70 million USDC – to pay him a bug bounty as a reward, and that the team agree not to pursue any criminal charges against him.
“The mango treasury will be used to cover any remaining bad debt in the protocol, and all users without bad debt will be made whole,” said the attacker, who voted for the proposal with the tokens stolen from the exploit.
At the time of writing, 99% of votes were in favor of the proposal passing – but the proposal still needs more than 66 million votes to be passed successfully. A majority of the votes in favor of the proposal were made by the hacker himself, using millions of tokens stolen in the exploit.
Comments on the proposal show that most members of the Mango community were not accepting of the hacker’s ultimatum.
“You’re disgusting. What you did is wrong in every way possible. The responsible thing to do would have been to disclose the vulnerability to the team, NOT EXPLOIT IT. I hope the law enforcement community shows you ZERO MERCY,” wrote one user.
On Tuesday, the hacker manipulated the price of MNGO tokens on the Solana-powered decentralized exchange (DEX). Originally thought to be a manipulation of price oracle data, it was later revealed that the hacker did so by taking advantage of the thin liquidity on the platform.
After the traders’ actions on crypto exchanges FTX and Ascendex, Mango’s price oracles Switchboard and Pyth updated the benchmark price of MNGO to above $0.15 as they were reflected on the exchange.
“We want to clarify and add mention here that neither oracle providers have any fault here. The oracle price reporting worked as it should have,” said the Mango team in a tweet.