It would seem that the hackers used an “oracle price manipulation” tactic in the exploit on the Solana-based DeFi network, as indicated by a tweet sent by the official account for the Mango cryptocurrency exchange.
In mid-October, traders took advantage of a vulnerability in the decentralized finance (DeFi) trading platform Mango Markets and stole more than $110 million worth of cryptocurrencies off the network.
We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.
We are taking steps to have third parties freeze funds in flight. 1/
— Mango (@mangomarkets) October 11, 2022
A further thread on Twitter provided a detailed breakdown of how the incident transpired. The attacker began their mission by funding an account on the site with USD Coin (USDC) for $5 million, which were used to purchase 483 unites of perpetual contracts in Mango (MNGO) token, the platform’s native cryptocurrency.
The attacker used this technique to drive up the price of MNGO from $0.03 to $0.91, increasing the value of their MNGO holdings to $423 million.
The funds were then used to acquire a loan for $116 million using several tokens on the platform, such as Bitcoin (BTC), Solana (SOL) and Serum (SRM). Unfortunately, the loan eliminated all of the liquidity in Mango Markets, which resulted in a steep drop in the price of MNGO to $0.02.
The development team for Mango Markets subsequently said that it is looking into what occurred and has initiated an inquiry into it. The protocol made the news available to its users over its different social media outlets, stating that it has temporarily halted deposits while it conducts more research. Additionally, the team informed users that they should refrain from depositing cash into the site before they disable the ability to do so.
How Mango Markets was exploited
The attacker was able to manipulate the MNGO token price, driving it up 30 times in such a short amount of time, by taking out enormous perpetual contracts. An attacker can pull this off by taking advantage of limited market liquidity to artificially inflate a token’s price by making huge purchase orders to push the price and then use new investors as exit liquidity to cash out. This is the same strategy that is employed in pump-and-dump scams.
Recent: ‘DeFi will replace institutions entirely,’ says BitGo CEO Mike Belshe
However, this kind of exploit is difficult to carry out when there is a very large…
Click Here to Read the Full Original Article at Cointelegraph.com News…