Crypto price exploit swipes US$100 mil from DeFi service Mango
MUMBAI (Oct 12): An attacker has spirited away about US$100 million (RM468.25 million) from decentralised finance (DeFi) provider Mango by manipulating the price of its token in an exploit that wiped out depositors on the crypto platform.
The heist began with two accounts funded with the stablecoin USD Coin, the platform said on Wednesday via Twitter. The accounts took large positions in Mango perpetual futures, causing the price of the Mango token to spike.
The price jump stoked an unrealised profit from the futures. The attacker used that to borrow and withdraw roughly a net US$100 million from the protocol in a range of tokens leaving depositors with nothing, according to Mango.
“This incident has effectively resulted in a total draining of all equity available,” the platform said on Twitter, adding the attackers are communicating with Mango and “indicating a willingness to negotiate”.
A string of attacks has befallen digital assets this year, most notably hacks on blockchain bridges, further undermining confidence in a sector that is also nursing a US$2 trillion wipeout from a November peak.
The Mango incident is “a price manipulation attack” that took advantage of the ability to leverage up positions on the platform, according to BlockSec, a company specialising in crypto security.
The perpetrator has posted a proposal on Mango’s governance page that appears to raise the possibility of returning some of the money in return for a bounty. Other conditions include using the service’s treasury to pay off bad debt and not pursuing criminal probes or freezing funds.
Pump and dump
Mango, which operates on the Solana blockchain, is a decentralised crypto exchange that offers users the ability to make spot trades and loans.
It disabled deposits and said it believes the most constructive thing to do is to communicate with those responsible in an “attempt to resolve the issues amicably”.
Data from tracker CoinGecko showed that in the past 24 hours, the price of the Mango token at one point shot up to about nine US cents from four US cents before sinking to about two US cents.
Some US$2 billion has been lost in crypto-security incidents this year, many perpetrated by North Korea-linked groups, according to blockchain analysis firm Chainalysis.
Just last week, two million Binance Coins equivalent to nearly US$570 million were effectively minted and taken by a hacker. About US$100 million was not recovered, while the rest was frozen, according to a Binance statement.
!function(f,b,e,v,n,t,s){
if(f.fbq)return;n=f.fbq=function(){n.callMethod?n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)
}
(window, document,’script’,’https://connect.facebook.net/en_US/fbevents.js’);
fbq(‘init’, ‘599934940913280’);
fbq(‘track’, ‘PageView’);
