How Market Manipulation Led to a $100M Exploit on Solana DeFi Exchange Mango

A rogue crypto trader utilized millions of dollars to manipulate the prices of Mango’s MNGO tokens on the namesake decentralized exchange (DEX) to eventually drain over $116 million in liquidity from the platform.

The exchange allows users to trade spot and perpetual futures using its on-chain trading interface at low fees. Some $30 million worth of crypto was traded on the exchange in the past 24 hours, as per CoinGecko data.

The move stemmed amid ongoing drama surrounding a bad debt within the Solana DeFi ecosystem that involved the lending application Solend and Mango.

As reported earlier this morning, Mango and Solend teamed up earlier this year to put together funds to bailout a large Solana whale that had $207 million in debt spread across multiple lending platforms – in a move that was supposed to backstop potential losses across the Solana ecosystem if the whale’s position were to be liquidated.

How the exploit took place

Solana-based Mango, like other DEXs, relies on smart contracts to match trades between decentralized finance (DeFi) users. This is key to understanding how the exploit took place: Smart contracts are wholly decentralized and are not overseen by a centralized party – which means a rogue trader can deploy enough money to exploit loopholes in any protocol without the risk of anyone stepping in to stop the attack before it takes place.

Two accounts were used to conduct the attack. On account “A,” the trader initially used 5 million USD Coin (USDC) to purchase 483 million MNGO and go short, or bet against, the asset. Then on account “B,” the trader used another 5 million USDC to buy the same amount of MNGO, using 10 million USDC in total to effectively hedge his position, data on Mango pointed out by Genesis head of derivatives Joshua Lim shows.

3/ at 6:24 PM ET, attacker funded acct B (4ND8F...) with 5mm USDC collateral to buy those 483mm units of MNGO perps, at a price of $0.0382 per unithttps://t.co/ZHTcy9cWiF pic.twitter.com/ZCzuAYPsXE

— Joshua Lim (@joshua_j_lim) October 12, 2022

The trader then used more funds to buy up spot MNGO tokens, taking its price from just 2 cents to as much as 91 cents within a ten-minute span. This was possible as spot MNGO was a thinly-traded token with low liquidity, which allowed the rogue trader to manipulate prices quickly.

As spot MNGO prices increased, the trader’s account “B” quickly racked up some $420 million in unrealized profits. The attacker then took out over $116 million in liquidity from all tokens available on Mango, which effectively wiped out the protocol.

Spot MNGO prices soon corrected back to 2 cents, falling under the prices that the trader first used to purchase MNGO futures on account “A.” That account sits at over $6 million in profits at writing time – but there’s no liquidity left in the platform to pay the trader out.

All in all, the rogue trader used over 10 million USDC to take out over $116 million from Mango, paying minimal fees for conducting the attack and doing everything within the parameters of how the platform was designed. Mango wasn’t hacked, it worked exactly as intended, and a savvy trader, albeit with nefarious intentions, managed to wring token liquidity out.

It’s important to note that the above manipulative strategy won't work on two centralized exchanges, because a trader placing high bids on one venue would mean prices automatically move higher on that exchange and other exchanges immediately raise the price of assets on their own systems – meaning the strategy is unlikely to net any profits.

Meanwhile, Mango developers said early Wednesday that they reviewed the exploit and blamed faulty oracle provider Pyth for the lapse. Oracles are third-party tools that fetch data from outside a blockchain to within it.

Mango’s claim was one that Pyth’s backers defended. “The attacker pumped and dumped the mango token, which is a thinly traded token,” wrote Kanav Kariya, president at Jump Crypto, a crypto fund that has heavily backed Pyth, in a tweet.

“Oracles just report the price. Pyth/Switchboard accurately reported the prevailing prices on exchanges,” Kariya added. MNGO is down 40% in the past 24 hours.