Mango Market's DAO forum set to approve $47M settlement with hacker

Published at: Oct. 14, 2022

Following a $117 million exploit on Oct. 11, the Mango Markets community is set to make a deal with its hacker, allowing the hacker to keep $47 million as a bug bounty, according to the decentralized finance (DeFI) protocol governance forum. 

The proposed terms reveal that $67 million of the stolen tokens will be returned, while $47 million will be kept by the hacker. 98% of the voters, or 291 million tokens, have voted in favor of the deal, which also stipulates that Mango Markets will not pursue criminal charges on the case.

With the quorum reached, the voting is likely to happen on Oct. 15. The proposal stated:

"The funds sent by you and the mango DAO treasury will be used to cover any remaining bad debt in the protocol. All mango depositors will be made whole. By voting for this proposal, mango token holders agree to pay off the bad debt with the treasury, and waive any potential claims against accounts with bad debt, and will not pursue any criminal investigations or freezing of funds once the tokens are sent back as described above."

On Twitter, members of the community reacted to the development:

Mango hacker securing himself a ~$47m bug bounty.Biggest crypto bounty by far? The current bounty going rate of 10% of exploited funds is going to need to be repriced lmao. pic.twitter.com/FcHkEbwY7u

— Hsaka (@HsakaTrades) October 14, 2022

The proposal has been questioned at the governance forum as well, as stated by one voter:

"Agree 100% that making users funds whole ASAP is the top priority but a $50m "bug bounty" is ridiculous. At most the exploiter should get their costs back ($15m?) plus $10m. $10m whitehat bounty is what was offered to the $600m wormhole hacker. Mango can negotiate better than this, especially given the exploiter is essentially doxed."

The hacker performed the attack by manipulating the value of the MNGO native token collateral, then taking out “massive loans” from Mango’s treasury. After draining the funds, the hacker demanded a settlement, filling a proposal on the Mango Market's decentralized autonomous organization (DAO) forum asking for $70 million at that time. 

Moreover, the hacker has voted for this proposal using millions of tokens stolen from the exploit. On Oct. 14, the proposal reached the required quorum to pass. In exchange for the settlement, the hacker requests that users who vote in favor of the proposal agree to pay the bounty, pay off the bad debt with the treasury, waive any potential claims against accounts with bad debt and not pursue any criminal investigation or the freezing of funds.

Tags
Defi
Hacks
Hackers
Loans
Related Posts
More than $1.6 billion exploited from DeFi so far in 2022
The decentralized finance (DeFi) space has been rife with hacks, exploits and scams so far this year, with over $1.6 billion in crypto stolen from users, surpassing the total amount stolen in 2020 and 2021 combined. Analysis from blockchain security firm CertiK revealed the statistics on Monday showing the month of March having the most value stolen at $719.2 million, over $200 million more than what was stolen in all of 2020. The March figure is largely due to the Ronin Bridge exploit where attackers made off with over $600 million worth of crypto. We have seen $1.6B lost in …
Analysis / May 3, 2022
Inverse Finance exploited again for $1.2M in flash loan oracle attack
Just two months after losing $15.6 million in a price oracle manipulation exploit, Inverse Finance has again been hit with a flash loan exploit that saw the attackers make off with $1.26 million in Tether (USDT) and Wrapped Bitcoin (wBTC). Inverse Finance is an Ethereum-based decentralized finance (DeFi) protocol and a flash loan is a type of crypto loan that is usually borrowed and returned within a single transaction. Oracles report outside pricing information. The latest exploit worked by using a flash loan to manipulate the price oracle for a liquidity provider (LP) token used by the protocol’s money market …
Defi / June 17, 2022
DeFi protocol token NFD crashes by 99% after a flash loan attack
New Free DAO, a decentralized finance (DeFi) protocol, faced a series of flash loan attacks on Sept. 8, resulting in a reported loss of $1.25 million. The price of the native token has dropped by 99% in the wake of the attack. Unlike normal loans, several DeFi protocols offer flash loans that allow users to borrow large amounts of assets without upfront collateral deposits. The only condition is that the loan must be returned in a single transaction within a set time period. However, this feature is often exploited by malicious adversaries to gather large amounts of assets to launch …
Defi / Sept. 8, 2022
Wormhole hacker moves $155M in biggest shift of stolen funds in months
The hacker behind the $321 million Wormhole bridge attack has shifted a large chunk of stolen funds, with transaction data showing that $155 million worth of Ether (ETH) was transferred to a decentralized exchange (DEX) on Jan 23. The Wormhole hack was the third largest crypto hack in 2022, after the protocol’s token bridge suffered an exploit on Feb. 2, 2022, that resulted in the loss of 120,000 Wrapped ETH (wETH) around worth $321 million. According to the transaction history of the hacker’s alleged wallet address, the latest activity shows that 95,630 ETH was sent to the OpenOcean DEX and …
Blockchain / Jan. 24, 2023
Yield platform Stablegains sued for promoting UST: Finance Redefined
Welcome to Finance Redefined, your weekly dose of essential decentralized finance (DeFi) insights — a newsletter crafted to bring you significant developments over the last week. The backlash from the Terra implosion still haunts the crypto world, with the now-shuttered stablecoin yield platform Stablegains being sued for customer losses. The plaintiffs allege that the platform funnelled customer funds into Anchor Protocol without users’ knowledge or consent. Platypus, the DeFi protocol that was exploited for over $8 million, is working on a compensation plan to recover some of the funds. Florida’s Cogent Bank is proposing a $100 million participation in loans …
Regulation / Feb. 24, 2023