Solana-based decentralised financial (DeFi) exchange Mango Markets, suffered an exploit worth more than USD 100 million.
A fraudster manipulated the price of the MANGO token, allowing it to steal funds through a bad debt position.
The Mango Markets platform said on Twitter that it was investigating and taking steps to have “third parties freeze the funds that are on the run”.
The attacker first deposited USD5 million in USDC into the platform and then opened an abnormally large long position, blockchain security firm Hacken said on Twitter. This caused the price of the token to jump by almost 1,000% in less than an hour, which simultaneously increased the collateral value of the attacker’s account.
The fraudster then used this collateral value to take a large debt position on several coins on the Mango Market borrowing and lending platform.
Because the token and collateral price was much higher, the attacker was able to borrow and steal about $114 million in various tokens, Hacken reported.
The price of the MANGO token fell 52% after the attack, according to the Mango Market price feed.
Mango said it was shutting down deposits. The company also sent a statement to the hacker, whose wallet was deposited from an FTX exchange account, asking him to contact them for a refund reward.
The attacker offered to send back about $50 million worth of tokens, and noted that Mango Markets could use $70 million from the USDC treasury to pay all users with no bad debts and no bad debts.
The proposal assumes that after covering the difference, the abuser would be able to keep the remaining funds.
If the offer is accepted and all obligations are fulfilled, no criminal proceedings will be initiated against the abuser and his accounts will not be blocked.