A hacker stole $100 million from Mango Markets, a trading and lending platform on Solana.
The exploit appeared to be the result of manipulation in the price of Mango Market’s native MNGO token via an oracle price manipulation attack, Mango Markets tweeted. The platform said it’s investigating and taking steps to have “third parties freeze funds in flight,” it tweeted.
The attacker first deposited $5 million in USDC to the platform, and then opened an abnormally large long position, according to blockchain security firm Hacken on Twitter. This caused the token price to jump nearly 1000% in less than an hour, which concurrently spiked the collateral value of the attacker’s account.
The attacker then used this manipulated collateral value in their account to Borrow a large debt position across multiple coins on Mango Market’s borrowing and lending platform.
Since the price of the token and their collateral was manipulated much higher, they were able to borrow and steal roughly $114 million across various tokens, according to Hacken.
It also is disabling deposits on the front end to prevent users from using its platform and sent out a statement to the attacker to contact them regarding a bounty for the return of the funds.
