A crypto fraudster took off with an estimated $100 million after manipulating the token price of Mango using two accounts funded with the stablecoin USD Coin on the decentralized finance (DeFi) platform Solana.
The exploit first came to light by blockchain auditing firm OtterSec in a Twitter post on Tuesday (Oct. 11) and was confirmed on the social media site by Mango, who tweeted that the “parties have indicated a willingness to communicate.”
Mango said on Twitter on Wednesday (Oct. 12) that its priorities now include preventing further losses, ensuring Mango depositors are made whole, and trying to “salvage some value in Mango DAO and protocol to rebuild from here.”
See also: The $100M Hack and Crypto’s Cross-Chain Payments Problem
According to multiple tweets and reports, the attacker funded two accounts with USD Coin and took large positions in Mango perpetual futures, causing Mango’s coin price to surge.
OtterSec’s Robert Chen told CoinDesk that once the token was over-valued, the fraudster took out loans against the funds and drained Mango’s liquidity pools.
“It’s like a lending-borrowing race: if you have overvalued collateral, you can then borrow against that collateral, and that’s what they did,” Chen said.
The DeFi protocol Binance Smart Chain was attacked over the weekend of Oct. 8, with hackers making off with an estimated $100 million, PYMNTS reported. Binance chief communications officer Patrick Hillmann said the thieves could have gotten away with a lot more — as much as $570 million — but exploits get shut down quickly by surrounding blockchain communities.
Mango Markets is governed by Mango DAO for trading digital assets on the Solana blockchain for spot margin and trading perpetual futures.
So far this year there have been an estimated $2 billion in crypto-related security crimes, according to data from blockchain analysis firm Chainalysis.