Hacker steals $100 million from crypto project Mango

It’s never a dull day in decentralized finance, but today’s news reads like a crypto-infused episode of Seinfeld.

On Tuesday, a hacker stole approximately $112 million from cryptocurrency exchange Mango Markets, which resides on the Solana crypto platform. They did this by buying a large amount of MNGO tokens on the exchange in two separate accounts, going long (betting that the price will go up) on one and going short (betting that the price will go down) on the other. They then used more funds to push the price of MNGO up sharply and cashed out the account that was long, effectively draining most of the liquidity in Mango Markets.

Officially, Mango Markets said the incident “has effectively resulted in a total drain of all available equity,” and that its priorities are to “make sure that depositors of the Mango protocol are made whole,” as well as “try to save some value in the Mango DAO and protocol to rebuild from here” while preventing further losses.

While pretty dire for Mango Markets investors, who are now left empty-handed, this type of exploit has been done time and time again, with hackers often making off with hundreds of millions of dollars. In other words, it wouldn’t exactly be unusual in cryptoland.

But this time it seems the hacker has decided to take advantage of the way Mango Markets is set up to do some Robin Hood-style work while keeping some of the money for themselves.

Mango Markets is a DAO, or Decentralized Autonomous Organization. That means it is governed by voting, where owners of MNGO tokens can vote on the future of the entire project. The more MNGO tokens you own, the more voting power you have.

Also important is the fact that, like so many decentralized finance projects lately, Mango Markets has a lot of bad debt, stemming from an episode in June when Mango Markets and another DeFi project, Solend, bailed out a large Solana whale to keep the entire ecosystem from collapsing (in crypto parlance, a whale is someone who owns a huge amount of cryptocurrency).

The hacker used this setup to make a proposal to the Mango community. They said they would return some of the funds if Mango Markets used the money still in its coffers to pay back its bad debts and make its users whole. They also demanded that they, the hacker, not be criminally investigated and that their tokens not be frozen. The hacker then used the MNGO tokens they owned to vote “yes” on the proposal, which now has a 99.9% approval rating.

Yes, the decentralized economy is a strange place.

[Image: Mango Markets Hacker]
Caption: Hey, I stole your money. I suggest you don’t send the police after me. I vote yes on my own proposal.
Credit: Mango Markets

To summarize: Someone stole a lot of MNGO tokens from Mango Markets. Then they made a proposal to return some of the tokens, but only if Mango Markets doesn’t send the police after them. They then used the MNGO tokens they stole to vote yes on their own proposal.

Unfortunately for the hacker, the proposal has not yet reached a threshold that would make it valid, so they could not immediately auto-approve their demands.

Still, it’s another indication that DAOs have a lot more work to do, not only to prevent hackers from stealing funds, but also to prevent them from exploiting DAO governance mechanisms to bend projects to their will.
