Market Manipulation Caused A $100M Exploit On Solana-Based DeFi Exchange Mango

A malicious crypto trader used millions of dollars to manipulate the values of Mango’s MNGO tokens on the platform’s eponymous decentralised exchange (DEX), ultimately draining over $116 million in liquidity.

The exchange offers low-cost spot and perpetual futures trading via its on-chain interface. According to CoinGecko, around $30 million worth of cryptocurrency was moved on the exchange during the last 24 hours.

The decision was made in response to the current controversy around a bad debt in the Solana DeFi ecosystem involving Solend and Mango.

Mango and Solend collaborated earlier this year to pool funds to bail out a giant Solana whale with $207 million in debt spread across multiple lending platforms – a move intended to protect the Solana ecosystem from potential losses should the whale’s position be liquidated.

How the event transpired

Mango, a decentralised exchange on Solana, used smart contracts to facilitate trading between DeFi customers. This is essential to understanding how the exploit occurred: smart contracts are completely decentralised and not controlled by any single entity, so a malicious trader with enough capital can exploit protocol flaws without the risk of anyone stepping in to stop the attack.

Two accounts were used during the assault. On account “A,” the trader initially used 5 million USD coins (USDC) to buy 483 million MNGO and short the asset or wager against it. Then, on account “B,” the trader used another 5 million USDC to purchase the same quantity of MNGO, using a total of 10 million USDC to effectively hedge his position, according to Joshua Lim, head of derivatives at Genesis.

Within 10 minutes, the price of spot MNGO tokens increased from 2 cents to as high as 91 cents due to the trader’s additional purchases. This was achievable because spot MNGO was a token with little liquidity and minimal trading volume, allowing the rogue trader to influence prices rapidly.

As spot MNGO prices rose, the trader’s account “B” swiftly accumulated unrealised gains of $420 million. The attacker then extracted approximately $116 million in liquidity from all the tokens available on Mango, effectively wiping out the platform.

The liquidity on Mango was drained. Image: Mango

Soon after, spot MNGO prices reverted to 2 cents, falling below the pricing the trader first used to acquire MNGO futures on account “A.” This account has a profit of almost $6 million at the time of writing, but there is insufficient platform liquidity to pay the trader.

Overall, the malicious trader used over 10 million USDC to withdraw over $116 million from Mango, paying minimal costs to undertake the attack and operating within the platform’s limitations. Mango was not hacked; it operated as planned, and a competent trader was able to extract token liquidity, albeit with malicious intent.
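The accounting described above, as an added example that is not part of the original article and is not Mango's code: a toy model of two offsetting perpetual positions marked at the oracle price, next to an illustrative guard that caps the collateral mark at a multiple of the trailing median price. The 2-cent entry price, the withdraw-up-to-equity rule, the guard and the sample oracle series are assumptions of this example.

```python
# Toy model of oracle-marked perpetual positions (constructed; not Mango's code).
from dataclasses import dataclass
from statistics import median

@dataclass
class PerpAccount:
    deposit_usdc: float   # cash collateral posted
    size_mngo: float      # perp size: positive = long, negative = short
    entry_price: float    # assumed entry price in USD

    def equity(self, mark: float) -> float:
        """Collateral value: deposit plus unrealised PnL at the mark price."""
        return self.deposit_usdc + self.size_mngo * (mark - self.entry_price)

def guarded_mark(prices, window=30, max_dev=0.5):
    """Cap the collateral mark at (1 + max_dev) x the trailing median price."""
    recent = prices[-window:]
    return min(prices[-1], median(recent) * (1 + max_dev))

def borrow_limit(acct, mark):
    """Hypothetical rule: an account may withdraw up to its positive equity."""
    return max(0.0, acct.equity(mark))

# Figures from the article; the 2-cent entry price is an assumption.
ENTRY = 0.02
account_a = PerpAccount(5_000_000, -483_000_000, ENTRY)   # short leg
account_b = PerpAccount(5_000_000, +483_000_000, ENTRY)   # long leg

# Constructed oracle samples: a flat market, then the ten-minute spike.
ORACLE = [0.02] * 50 + [0.10, 0.30, 0.60, 0.91]

def summarize():
    spot = ORACLE[-1]
    capped = guarded_mark(ORACLE)
    return {
        "b_limit_raw": borrow_limit(account_b, spot),        # marked at spike price
        "a_equity_raw": account_a.equity(spot),              # matching loss on the short
        "b_limit_guarded": borrow_limit(account_b, capped),  # marked at capped price
    }

if __name__ == "__main__":
    for name, value in summarize().items():
        print(f"{name:>16}: {value:>16,.0f} USD")
```

Under these assumptions the long leg shows roughly $430 million of unrealised gain at 91 cents, the same order as the article's figure, while the short leg carries a matching loss far larger than its 5 million USDC deposit. The median-based cap ignores a spike that occupies only a few samples of the window, so the collateral value of the long leg stays close to its deposit.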

The above manipulative strategy would not work across two centralised exchanges. A trader placing high bids on one venue would automatically push prices up on that exchange, and other exchanges would immediately raise the price of the asset on their own systems, making the strategy unlikely to yield profits.

Meanwhile, Mango developers announced on Wednesday that the Switchboard and Pyth pricing oracles had adjusted the benchmark price of MNGO to more than $0.15, in keeping with the price increase on FTX and AscendEX. Oracles are third-party applications that retrieve data from outside a blockchain and make it available on-chain.

“Neither oracle providers have any fault here. The oracle price reporting worked as it should have,” Mango tweeted.

“The attacker pumped and dumped the mango token, which is a thinly traded token,” said Kanav Kariya, head of Jump Crypto, a crypto firm that has invested substantially in Pyth.

“Oracles report the price. Pyth/Switchboard accurately reported the prevailing prices on exchanges,” Kariya added. MNGO declined 40% on the previous day.


