Mango Markets, a decentralized platform on the Solana blockchain is the latest victim of an exploit as the Decentralized Finance (DeFi) space records another hit. According to tweets from security firm OtterSec, attackers drained the platform to the tune of over $100 million on Tuesday.
Using a technique called oracle price manipulation, the attackers exploited an economic design flaw to temporarily spike up their collateral value. Afterward, it took massive loans from the Mango treasury and subsequently withdrew various digital assets from the platform. This left the treasury with a negative balance.
While confirming the attack, the platform said it is investigating the attack and is taking steps to have third parties freeze funds in flight. As a precautionary measure, it will disable deposits on its front end. It will also leave a communication channel open to discuss bounty offers.
Attackers make Proposal to keep $70 million
Interestingly, the attackers have made a governance proposal offering to return $50 million of the stolen funds. This will be done on the condition that Mango Markets uses the remaining 70% to settle users without bad debts.
The attackers’ proposal which will see it keep about $70 million for itself is already up for voting and will end on October 14 at 9:12 pm E.S.T. The attackers have used 0.66% of the stolen funds to vote in favor of the proposal. Results from the poll show that the majority of the members of the MangoDAO support the proposal.
Should the platform honor the proposal, it will not pursue any criminal investigation against the attackers. It will also not be able to freeze the attackers’ funds if all obligations are satisfied.
The attack on Mango Markets follows that of Binance Smart Chain last week. Binance Smart Chain, another DeFi protocol that suffered, lost about $100 million to attackers who used a cross-chain bridge exploit.
Recall that Binance at the time placed a hold on all activities on the blockchain until investigations on the attack have been completed. Meanwhile, Axie Infinity Ronin Bridge lost about $625 million in an attack in March.