Connect with us

Blockchain

manipulation of MNGO Oracle; $100 million drained from the protocol

Avatar

Published

on

join us cable A channel to stay up to date on breaking news coverage

An alleged group of hackers got away with $100 million by exploiting the Mango Markets protocol and recent evidence has turned attention to the hacker’s possible identity.

Mango Markets, a Solana-based protocol, recently announced in a tweet that the Defi protocol had become the victim of a hack that supposedly drained funds from the protocol through oracle price manipulation.

MNGO Oracle is being manipulated

According to OtterSec, a blockchain auditing site, the hacker funded an account with USDC stablecoin. This was done by taking a large position in the perpetual futures market for the Mango token (MNGO-PERP). Thus, the price of the coin inflated from $0.3 to $0.91, while the price increased by 5-10 times on many exchanges. This has been used as a reference for the MNGO-PERP price.

Advertisement

As a result, Switchboard and Pyth oracles have updated the benchmark price of MNGO to over $0.15. Increase the value of the long account on MNGO-PERP, thus helping the account to borrow and withdraw approximately $100 million in BTC, USDT, SOL, MSOL and USDC.

Shortly after the exploit was discovered, the Mango protocol was frozen at 02:37 UTC on October 12 – to protect other users’ funds from a sudden price increase.

“As of now, none of Mango users who have deposits in the protocol will be able to withdraw assets; this incident has effectively led to a complete drain on all available shares,” Mango wrote in a tweet.

Pirates demand settlement

After the incident, the hackers behind the attack demanded a settlement over Mango DAO, showing a willingness to negotiate the matter.

Advertisement

“I will send MSOL, SOL and MNGO in this account to an address declared by the Mango Team. The Mango Locker will be used to cover any bad debts left in the protocol, and all users who do not have bad debts will be made full. Any bad debts will be considered as a bonus/insurance Against errors, it is paid from the mango insurance fund. Read the proposal.

The hackers (funny enough) used the stolen codes to vote for them. They asked users to vote in favor of the proposal and demanded that any criminal investigations be dropped in the matter.

The team is looking to engage with the attackers directly to resolve the issue, and this can be understood in the tweet that says “We believe the most constructive way to deal with this matter is to continue to communicate with those responsible for the incident and to have the funds removed from the protocol to try to resolve the issues amicably.”

On-chain activity raises doubts about the identity of the attacker

according to Report From independent investigator Chris Brunet, a crypto trader by the name of Avraham Eisenberg was responsible for draining funds from Mango’s treasury.

Eisenberg allegedly discussed the protocol exploit on a Discord server about a week before the actual incident. The strategy Eisenberg discussed was similar to that shown in the Mango exploit.

Advertisement

The idea to exploit the protocol was presented on October 5. This was when Eisenberg wrote in a message “I’m investigating a platform that may result in a 9-digit payday,” under the username Vires Creditor and Honest Person. Furthermore, the attacker refused to announce the attack vector. Either way, the hacker won’t get much reward given the small size of the protocol cabinet.

Eisenberg described attack strategy as an act of arbitrage, describing “You take a long position. Then you make [the price] Go up. And then you pull all the protocols [total locked value]. The attack was seen simply as a trade that takes advantage of the asset’s price volatility.

Another such example

He also mentioned exploiting the Ethereum lending protocol in a similar way. However, he suggested that the exploit was “more annoying than I had in mind”. Because it would require at least $10 million up front to operate.

A few months ago, Eisenberg submitted the ENS name to one of his Ethereum addresses – ponzishorter.eth. It received $7,500,000 from the circuit from the circuit at 23:28:35 UTC, while the hacker’s wallet sent $7,519,769,12 to the circuit from Solana at 23:27:07 UTC. These transactions occurred within two minutes.

The true identity of the hacker can be inferred by timing the transactions closely. But any claims made so far have not been verified.

Advertisement

Mango Market is a Solana-based decentralized exchange, while MNGO is the platform token. It has a current market capitalization of $25 million and is ranked #511 on coinmarketcap.com. The token is currently trading at $0.02527.

Read more:

IMPT
  • Early stage pre-sale live now
  • Doxxed Professional Team
  • Use Cases in Industry – Offsetting Carbon Footprint

IMPT


join us cable A channel to stay up to date on breaking news coverage

Advertisement

Source link

Continue Reading
Advertisement
Click to comment

Leave a Reply

Your email address will not be published.

Blockchain

Ripple is filing a final submission against the SEC as the landmark case draws to a close

Avatar

Published

on

The most talked about crypto case involving the US Securities and Exchange Commission (SEC) and Ripple is coming to an end after a two-year battle.

On Dec. 2, the SEC and Ripple both filed redacted responses to each other’s opposition to motions for summary rulings.

Ripple argued in his move document that the SEC had failed to prove that its offering of XRP between 2013 and 2020 was an offer or sale of an “investment contract” and therefore a security under federal security laws.

Advertisement

Ripple concluded the document by saying that “the court should grant the defendant’s request and should reject the SEC motion.”

This is Ripple’s “final submission,” Ripple General Counsel Stuart Alderotti said on Twitter on Dec. 3, asking the court to “make” a ruling in its favor.

He also stated that Ripple is proud of the defense it filed “on behalf of the entire cryptocurrency industry,” noting that Ripple “always played it straight with the court,” and took a subtle swing at the SEC saying that “the same cannot be said for our opponent.”

In another Twitter post, Alderoty continued to criticize the SEC on Dec. 5, referring to it as a “reversion regulator,” citing two statements suggesting they are on ends with each other.

Ongoing legal dispute Between the SEC and Ripple It began in December 2020 when the Securities and Exchange Commission initiated legal action against Ripple claiming that it raised $1.3 billion by offering Ripple’s native cryptocurrency XRP as an unregistered security.

Related: Investors are increasingly confident in Ripple’s victory over the SEC: CoinShares

Earlier November 30 on Twitter threadThere are only three cases left to be resolved in SEC vs Ripple, former federal prosecutor James Phelan said.

Advertisement

This includes summary motions for judgment, expert challenges, and seal issues related to the Expert Reports, Hinman documents, and other materials on which the SEC and Ripple have relied in their motions.

Hinman documents refer to the speech given by William Hinman at the Yahoo Finance All Markets Summit in June 2018, where He stated that ether (ETH) was not a security.

Phelan believes that Justice Torres will not handle the three big cases “separately,” and instead will decide “everything together, and once she rules on the motions for summary judgment, a ‘big written judgment’ will be rendered — likely” on or before March 31. ) 2023.”