Mango Markets, a Solana-powered DeFi protocol, is the latest victim of an exploit that resulted in the loss of over $100 million worth of crypto.
The platform said in a Twitter update that it had disabled deposits on the front end as a precaution and would further update the situation as it evolved.
“We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation. We are taking steps to have third parties freeze funds in flight,” said Mango in a tweet.
In a separate tweet, Mango requested the hacker to get in touch to discuss a “bug bounty” for identifying the vulnerability.
The attacker reportedly manipulated price oracle data in order to temporarily spike up collateral value and then drain high value loans from the Mango treasury. At the time of writing, the hacker’s account on the platform shows several large withdrawals totalling close to $116 million. The single largest withdrawal was for $54 million worth of USDC, followed by a withdrawal of $25 million worth of Marinade Staked SOL (MSOL).
According to an analysis of the attack from Joshua Lim, the attacker “effectively wiped out all available liquidity on mango” while carrying out the exploit.
Another update from the Mango team revealed a more in-depth explanation of what transpired on the protocol earlier in the day. The team also said that Mango users would not be able to withdraw their assets from the protocol because the incident had resulted in “a total draining of all equity available.”
In August 2021, Mango Markets raised $70 million in the span of one day during its MNGO token sale. At the time of writing, the protocol’s native token MNGO was down by more than 40% over the last 24 hours.