How a Hacker Got Paid $50 Million for Exploiting a DeFi Protocol

With October becoming one of the worst months in terms of hacks against crypto platforms, Mango Markets – a Solana-based DeFi project – stood out with an exploit worth about $115 million.

The latest developments brought some relief to affected users but also showed how a hacker could profit legitimately by finding vulnerabilities in DeFi protocols.

The Multi-Million Hack

CryptoPotato reported earlier this week that the Solana-based project had become the latest victim of a DeFi exploit, with initial reports claiming that the attacker swiped $100 million worth of digital assets. The amount could be a bit higher, according to more recent estimates.

Both parties sat at the online negotiation table after the hack, with the attacker proposing to erase all the bad debts. This was voted against by the community, even though the hacker had obtained a massive portion of the protocol’s governance token MNGO and voted in favor of their own proposition.

The counterproposal by the Mango team offered to let the attacker keep around $50 million if they agreed to return the remaining funds. Additionally, the team promised not to pursue any criminal prosecution and to erase the bad debt.

According to an October 15 tweet, the attacker indeed returned $67 million in crypto assets. The team also asked the community to meet on Monday to vote on “how we can sort out this mess.”

It’s worth noting that Mango’s native token plunged by more than 50% within hours of the hack, from $0.04 to under $0.02. As of now, it trades inches above the latter.

A Hack or a Smart Trading Strategy?

While the community insists that what happened to Mango Markets was indeed an exploit (hack), the attacker doesn’t believe so. A Twitter user called Avraham Eisenberg took responsibility for the events but claimed to be involved with a team that “operated a highly profitable trading strategy.”

After refusing to call these actions an exploit by any means, Eisenberg said they believe everything they did was legal, as they used the protocol as designed, “even if the development team did not fully anticipate all the consequences of setting parameters the way they are.”

Eisenberg praised the settlement with the insurance fund and asserted that “all users will be able to access their deposits in full with no loss of funds” once it’s completed.
