How low liquidity led to Mango Markets losing over $116 million

Published at: Nov. 3, 2022

It would seem that the hackers used an “oracle price manipulation” tactic in the exploit on the Solana-based DeFi network, as indicated by a tweet sent by the official account for the Mango cryptocurrency exchange.

In mid-October, traders took advantage of a vulnerability in the decentralized finance (DeFi) trading platform Mango Markets and stole more than $110 million worth of cryptocurrencies off the network. 

We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation. We are taking steps to have third parties freeze funds in flight. 1/

— Mango (@mangomarkets) October 11, 2022

A further thread on Twitter provided a detailed breakdown of how the incident transpired. The attacker began by funding an account on the platform with $5 million in USD Coin (USDC), which was used to purchase 483 units of perpetual contracts on the Mango (MNGO) token, the platform’s native cryptocurrency.

The attacker used this technique to drive up the price of MNGO from $0.03 to $0.91, increasing the value of their MNGO holdings to $423 million.

The funds were then used to acquire a loan for $116 million using several tokens on the platform, such as Bitcoin (BTC), Solana (SOL) and Serum (SRM). Unfortunately, the loan eliminated all of the liquidity in Mango Markets, which resulted in a steep drop in the price of MNGO to $0.02.

The development team for Mango Markets subsequently said that it is looking into what occurred and has initiated an inquiry into it. The protocol made the news available to its users over its different social media outlets, stating that it has temporarily halted deposits while it conducts more research. Additionally, the team informed users that they should refrain from depositing cash into the site before they disable the ability to do so.

How Mango Markets was exploited

The attacker was able to manipulate the MNGO token price, driving it up 30 times in a short period, by taking out enormous perpetual contracts. An attacker can pull this off by taking advantage of limited market liquidity: huge purchase orders push the price up artificially, and new investors are then used as exit liquidity to cash out. This is the same strategy employed in pump-and-dump scams.


However, this kind of exploit is difficult to carry out when there is a very large quantity of liquidity since the amount of cash required to manipulate the price would be much higher. Since new or relatively unknown tokens often have extremely little liquidity, pump-and-dump schemes are more common with such tokens.

Mango Markets would have been able to protect itself from this exploit if it had enough liquidity. The use of an automated market maker (AMM) is one strategy that Mango Markets may have utilized to boost its level of liquidity. Automated market makers are computer programs that decide the price of a token by collecting liquidity from users and employing various mathematical formulas.
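The claim above, that the capital needed to move a price grows with the liquidity behind it, can be made concrete with a constant-product pool (x * y = k), the pricing formula most AMMs use. The Python below is an added illustration, not code from the article or from Mango Markets; it models a spot pool rather than Mango’s perpetual order book, and the pool sizes, the 30x target, the collateral factor and the deviation cap are constructed values. It also shows the defensive side of the same arithmetic: marking collateral against a slower reference price with a deviation cap, so that a briefly inflated spot price cannot be borrowed against in full.

```python
from math import sqrt


def buy_cost_to_reach(price_multiple: float, quote_reserve: float) -> float:
    """USDC that must be spent into a constant-product pool (x * y = k) to push
    the spot price to `price_multiple` times its current value.

    With base reserve x and quote reserve y, the spot price is y / x. After the
    buy, y' / x' = m * (y / x) and x' * y' = x * y, so y' = y * sqrt(m). The
    cost is y' - y = y * (sqrt(m) - 1): linear in pool depth, which is why a
    deep pool makes the same price move proportionally more expensive.
    """
    if price_multiple < 1.0 or quote_reserve <= 0.0:
        raise ValueError("price_multiple must be >= 1 and quote_reserve > 0")
    return quote_reserve * (sqrt(price_multiple) - 1.0)


def simulate_buy(base_reserve: float, quote_reserve: float, quote_in: float):
    """Swap `quote_in` USDC into the pool; return (base_out, new_spot_price).
    No trading fee is modelled (constructed simplification)."""
    k = base_reserve * quote_reserve
    new_quote = quote_reserve + quote_in
    new_base = k / new_quote
    return base_reserve - new_base, new_quote / new_base


def capped_mark_price(spot: float, reference: float, max_deviation: float) -> float:
    """Defensive valuation: use the spot price for collateral only while it is
    within `max_deviation` (a fraction) above a slower reference price such as
    a time-weighted average; beyond that, clamp to the cap."""
    cap = reference * (1.0 + max_deviation)
    return min(spot, cap)


def borrow_capacity(holdings: float, mark_price: float, collateral_factor: float) -> float:
    """Largest loan a lender would extend against `holdings` marked at `mark_price`."""
    return holdings * mark_price * collateral_factor


def compare_pools(target_multiple: float = 30.0) -> dict:
    """Constructed scenario: the same 30x price push against a thin and a deep pool."""
    return {
        "thin_pool_cost": buy_cost_to_reach(target_multiple, 100_000.0),
        "deep_pool_cost": buy_cost_to_reach(target_multiple, 10_000_000.0),
    }


if __name__ == "__main__":
    start_price = 0.03                 # starting MNGO price quoted in the article
    quote = 100_000.0                  # constructed thin pool: 100k USDC
    base = quote / start_price         # MNGO reserve implied by the start price
    cost = buy_cost_to_reach(30.0, quote)
    bought, spot = simulate_buy(base, quote, cost)
    print(f"spent {cost:,.0f} USDC, received {bought:,.0f} MNGO, spot now {spot:.2f}")
    pools = compare_pools()
    print(f"same 30x move on a 10M USDC pool costs {pools['deep_pool_cost']:,.0f} USDC")
    # Value the inflated position naively vs. with a 50% deviation cap (constructed).
    naive = borrow_capacity(bought, spot, 0.8)
    guarded = borrow_capacity(bought, capped_mark_price(spot, start_price, 0.5), 0.8)
    print(f"borrow capacity: naive {naive:,.0f} USDC vs guarded {guarded:,.0f} USDC")
```

The closed form is the useful part: pushing a constant-product price by a factor m costs y * (sqrt(m) - 1) of the quote asset, so a hundredfold deeper pool needs a hundredfold more capital for the same move. The deviation cap is one of several ways a lending venue can refuse to treat a short-lived spot spike as collateral; a time-weighted reference is assumed here and would have to be maintained by the venue.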

Ben Roth, co-founder and chief information officer of Auros — an algorithmic market-making firm — told Cointelegraph:

“Adverse trading behavior is a by-product of illiquid market conditions. Therefore, when ‘bad actors’ are able to construct an attack vector that has a high degree of certainty due to low liquidity, the incentive to undertake these sorts of ‘exploits’ rises.” 

“When working with an algorithmic market-maker, token issuers simultaneously disincentivize this adverse behavior while building confidence in the consistency of liquidity during a variety of market conditions,” he added.

Large tokenholders, also known as liquidity providers (LPs), keep AMMs running. LPs deposit equal quantities of a token pair (such as MNGO/USDC) into pools. This lets decentralized exchanges outsource their liquidity while compensating the LPs with a share of the trading fees collected on the platform.

After the exploit

One day after the exploit, the perpetrator submitted a proposal to the platform’s decentralized autonomous organization (DAO). The attacker suggested that the Mango DAO pay off any outstanding debts with its $70 million treasury instead of using the attacker’s funds.

The deal stated that the Mango DAO team should use the funds from their treasury to make up for any outstanding financial obligations. After that, the cybercriminal would send the stolen tokens to an address provided by the group responsible for the Mango DAO.

By voting with millions of tokens taken during the exploit, the hacker appeared to support this idea, which is another kind of manipulation. Additionally, the perpetrator of the incident asked that no criminal proceedings be opened against them if the petition was approved.

Eventually, the Mango Markets community agreed to let the attacker keep a large portion of the tokens as a “bug bounty.” The terms are part of a deal that will see the return of $67 million worth of stolen tokens, with the attacker keeping the remaining $47 million out of the $117 million taken.

The deal was reached via a vote in the Mango DAO, with 98% of voters (or 291 million tokens) voting in favor. The proposal included Mango Markets not pursuing legal charges against the hacker.

Attacker reveals their identity

The attacker behind the exploit later came forward to reveal their identity. Avraham Eisenberg announced on Twitter that he was “involved with a team that operated a highly profitable trading strategy last week,” i.e., those responsible for the $100 million attack perpetrated on Mango Markets. 

Eisenberg continued to say, “I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.”

He pointed out that, as a consequence of the exploit, Mango Markets went bankrupt, and that the insurance fund was not enough to cover all the liquidations that occurred. As a result, more than one hundred million dollars’ worth of user funds was lost.

However, Eisenberg claimed that he “helped negotiate a settlement agreement with the insurance fund,” to make all users whole again while recapitalizing the exchange. Eisenberg finished his Twitter thread by saying, “As a result of this agreement, once the Mango team finishes processing, all users will be able to access their deposits in full with no loss of funds.”

Eisenberg continues to claim that his actions were legal, being similar to automatic deleveraging on cryptocurrency exchanges. Automatic deleveraging is a process where exchanges use a portion of the profits earned from successful traders to cover losses due to other traders that have been liquidated.

However, Michael Bacina, partner at Australian law firm Piper Alderman, previously told Cointelegraph, “If this had occurred in a regulated financial market, it would be likely seen as market manipulation.”


While users could still theoretically pursue legal action against Eisenberg, Bacina said it is not commercially viable, stating:

“Assuming claims survive the proposal, any claims would still need to be reduced by any amounts which had been received by a member as a result of the proposal, which may mean many members have limited commercial incentive to sue Mr. Eisenberg.”

Going forward, it will be interesting to see how DeFi protocols can better secure themselves, whether by deepening liquidity with AMMs to stop these types of exploits in the first place or through subsequent legal action.
