Cointime

Cointime

Download App
iOS & Android

CertiK Report: Revisiting the Mango Market Incident Anaylsis

Validated Project

TL;DR

On October 11, 2022 at 6:19 PM EST, Mango Market was attacked, causing a loss of $116M. The attacker was able to manipulate the price of MNGO token and borrowed more assets on the platform than was permitted.

Introduction

Mango Market is built on the Solana blockchain and utilizes Serum DEX for spot margin trading while perpetual futures are traded on Mango Market’s own order book. Mango Market is governed by $MNGO token holders via the Mango DAO.

On October 11, 2022 at 10:19 PM UTC, Mango Markets was hacked by a group of attackers, including Avraham Eisenberg who claimed to be part of the group on Twitter. A loss of $116M occurred after manipulating the value of a posted collateral to higher prices, and then taking out significant loans against the inflated collateral, which ended up draining Mango’s treasury. The attacker began by funding the first account (CQvKSNnY…) with 5M USDC and then offered 483mm units of MNGO perps on the order book. Then the attacker funded the second account (4ND8FVPjU…) which was used to buy the 483mm units of MNFO perps at a price of $0.0382 per unit. As a result, the attacker was able to move the price of MNGO which they increased to $0.91. With this price set for MNGO/USD, the second account was able to borrow other tokens on Mango Market. The attacker subsequently took all available liquidity on Mango, leaving account A with approximately $11,537,729.05 borrowed tokens and account B with 500M uncollectible debt. The price of $MNGO has dropped 47% as a result of the incident.

On October 15, 2022 Eisenberg posted on Twitter that this was a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.” In his tweet, he claims that the development team failed to anticipate the consequences of the protocol’s parameters.

Funds Returned

The attacker submitted a proposal to send the token back. The wallet receiving funds drained from the protocol offered via a DAO community vote to return a portion of the proceeds less a substantial bounty, if the community promised not to pursue legal action.

On October 15, 2022 Mango’s developers tweeted that they were in the process of getting back $67 million in various cryptoassets and that the team started working on an algorithm to decide on a refund split. Overall, after a proposal in the Mango’s governance forum was approved, Eisenberg was allowed to keep $47 million as a “bug bounty” while $67 million was sent back to the treasury.

Eisenberg was initially linked to the wallet address that carried out the attack via an ENS domain name ponzishorter.eth. An anonymous Discord chat log also showed Eisenberg discussing the precise mechanism of the exploit in advance.

Attack Flow

  1. The attacker funded the first account (Account A) CQvKSNnYtPTZfQRQ5jkHq8q2swJyRsdQLcFcj3EmKFfX with 5M USDC in this transaction.
  1. The attacker then offered out 483M units of MNGO perps (short) on the order book
  1. The attacker funded the second account (Account B) 4ND8FVPjUGGjx9VuGFuJefDWpg3THb58c277hbVRnjNa
  1. Then the second account was used to buy 483M units of MNGO perps (long), at a price of $0.0382 per unit.
  2. The attacker started to move the spot price of MNGO, and increased it to $0.91
  1. With MNGO/USD price of $0.91 per unit, account B was able to borrow other tokens on Mango Market. The attacker also used the funds in account B (the original deposit + the funds for selling borrowed MNGO) to borrow other tokens on Mango Market.
  2. The above borrow behaviors leave account A with a total value of $11,306,771.61 uncollectible debt and account B with -$115,182,674.43 bad debt.

Addresses

Two accounts were used to conduct the attack.

Account “A” received 5M USDC collateral which offered out 483mm units of MNGO perps: CQvKSNnYtPTZfQRQ5jkHq8q2swJyRsdQLcFcj3EmKFfX

Account “B,” the trader, used another 5 million USDC to buy the same amount of MNGO, using 10 million USDC in total to effectively hedge his position: 4ND8FVPjUGGjx9VuGFuJefDWpg3THb58c277hbVRnjNa

Profit and Assets Tracing

Solana.FM🔮🔎 SolanaFM SolanaFM

Account A: 

Account B: 

Conclusion

Overall, the attackers executed a self-funded economic attack by manipulating the oracle price of MNGO. Since the attack, a debate has been sparked on Twitter as to whether those responsible could be subject to civil or even criminal liability. So far, there are few precedents for prosecuting this type of DeFi market manipulation. This case has some similarities to the Indexed Finance exploit that took place in December 2021. The founders of the protocol identified the attacker, and a lawsuit is still pending in Canadian courts. Following these events, Mango Markets has announced a new version dubbed 'v4' which will use the Serum Community Fork. Despite serious setback, the project appears hopeful in securing a place in the future of web3.

Certik
Comments

All Comments

Recommended for you

  • U.S. Congressman Mike Flood: Looking forward to working with the next SEC Chairman to revoke the anti-crypto banking policy SAB 121

     US House of Representatives will investigate Representative Mike Flood's recent statement: "Despite widespread opposition, SAB 121 is still operating as a regulation, even though it has never gone through the normal Administrative Procedure Act process." Flood said, "I look forward to working with the next SEC chairman to revoke SAB 121. Whether Chairman Gary Gensler resigns on his own or President Trump fulfills his promise to dismiss Gensler, the new government has an excellent opportunity to usher in a new era after Gensler's departure." He added, "It's not surprising that Gensler opposed the digital asset regulatory framework passed by the House on a bipartisan basis earlier this year. 71 Democrats and House Republicans passed this common-sense framework together. Although the Democratic-led Senate rejected it, it represented a breakthrough moment for cryptocurrency and may provide information for the work of the unified Republican government when the next Congress begins in January next year."

  • Indian billionaire Adani summoned by US SEC to explain position on bribery case

    Indian billionaire Gautam Adani and his nephew, Sahil Adani, have been subpoenaed by the US Securities and Exchange Commission (SEC) to explain allegations of paying over $250 million in bribes to win solar power contracts. According to the Press Trust of India (PTI), the subpoena has been delivered to the Adani family's residence in Ahmedabad, a city in western India, and they have been given 21 days to respond. The notice, issued on November 21 by the Eastern District Court of New York, states that if the Adani family fails to respond on time, a default judgment will be made against them.

  • U.S. Congressman: SEC Commissioner Hester Peirce may become the new acting chairman of the SEC

    US Congressman French Hill revealed at the North American Blockchain Summit (NABS) that Republican SEC Commissioner Hester Peirce is "likely" to become the new acting chair of the US Securities and Exchange Commission (SEC). He noted that current chair Gary Gensler will step down on January 20, 2025, and the Republican Party will take over the SEC, with Peirce expected to succeed him.

  • Tether spokesperson: The relationship with Cantor is purely business, and the claim that Lutnick influenced regulatory actions is pure nonsense

     a spokesperson for Tether stated: "The relationship between Tether and Cantor Fitzgerald is purely a business relationship based on managing reserves. Claims that Howard Lutnick's joining the transition team in some way implies an influence on regulatory actions are baseless."

  • Bitwise CEO warns that ETHW is not suitable for all investors and has high risks and high volatility

    Hunter Horsley, CEO of Bitwise, posted on X platform that he was happy to see capital inflows into Bitwise's Ethereum exchange-traded fund ETHW, iShares, and Fidelity this Friday. He reminded that ETHW is not a registered investment company under the U.S. Investment Company Act of 1940 and therefore is not protected by the law. ETHW is not suitable for all investors due to its high risk and volatility.

  • Musk said he liked the "WOULD" meme, and the related tokens rose 400 times in a short period of time

    Musk posted a picture on his social media platform saying he likes the "WOULD" meme. As a result, the meme coin with the same name briefly surged. According to GMGN data, the meme coin with the same name created 123 days ago surged over 400 times in a short period of time, with a current market value of 4.5 million US dollars. Reminder to users: Meme coins have no practical use cases, prices are highly volatile, and investment should be cautious.

  • Victory Securities: Funding Rates halved and fell, Bitcoin's short-term direction is not one-sided

    Zhou Lele, the Vice Chief Operating Officer of Victory Securities, analyzed that the macro and high-level negative impact risks in the cryptocurrency market have passed. The risks are now more focused on expected realization, such as the American entrepreneur Musk and the American "Efficiency Department" (DOGE) led by Ramaswamy. After media reports, the increase in Dogecoin ($DOGE) was only 5.7%, while Dogecoin rose by 83% in the week when the US election results were announced. Last week, the net inflow of off-exchange Bitcoin ETF was US$1.67 billion, and the holdings of exchange contracts and CME contracts remained high, but the funding rates halved and fell back, indicating that the direction of Bitcoin in the short term is not one-sided, and bears are also accumulating strength.

  • ECB board member Villeroy: Falling inflation allows ECB to cut interest rates

     ECB board member Villeroy de Galhau said in an interview that the decline in inflation allows the ECB to lower interest rates. In addition, the slow pace of price increases compared to average wages is also a factor in the rate cut. Villeroy de Galhau emphasized that the ECB's interest rate policy decision is independent of the Fed. Evidence shows that the ECB began to lower interest rates in early June, while the Fed lowered interest rates three months later. With the decline in inflation, we will be able to continue to lower interest rates. Currently, the market generally expects the ECB to cut interest rates by 25 basis points at the next meeting in December, but weaker data increases the possibility of a 50 basis point cut.

  • State Street warns Bitcoin craze could distract gold investors

    George Milling-Stanley, the head of gold strategy at Dominion Bank, warned that the rise of Bitcoin may mislead investors to overlook the stability of gold. He believes that Bitcoin is more like a return-driven investment, while gold provides long-term stability. He also criticized Bitcoin promoters for misleading the market by using the term "mining," and believes that gold is still a more reliable investment choice.

  • CertiK Chief Security Officer: The number of security incidents as of September 2023 has exceeded the total in 2022

    On October 23, at the ETH HK Side Event, a Web3 ecosystem security forum jointly held by CertiK and OKLink in Causeway Bay, Hong Kong, Professor Li Kang, Chief Security Officer of CertiK, shared his views on digital asset security construction. He pointed out that according to CertiK's statistics, the number of security incidents as of September 2023 has exceeded the total number in 2022. Hacking attacks and fraudulent behavior are still important threats, seriously hindering the development of the Web3 industry. Li Kang also mentioned the revolutionary feature of transparency in the Web3 field. The entire ecosystem can reduce security risks through public and transparent measures, such as asset management solutions. At the event, leaders from the Hong Kong Investment Promotion Agency, OKLink, and BlockSec shared their related work and latest developments in Web3 security construction. For example, CertiK and OKLink have received responses from multiple exchanges in asset tracking locking and data labeling. Finally, Li Kang hopes to further strengthen Hong Kong's position as a Web3 innovation gateway in the rapidly growing Asia-Pacific region through this sharing, and jointly promote the safe application and landing of Web3 technology.

Daily Must-Read

Popular Activities

Delysium $AGI & AI Private Yacht Party

Delysium $AGI & AI Private Yacht Party

March 27 - March 27
Seoul

Popular Tags

Cointime
News
Contents
RSS
Company