Here’s how three DeFi protocols lost $115M in one day
Three DeFi protocols were hacked and drained of $115 million yesterday, marking one of the most devastating 24-hour periods in DeFi’s recent history.
Mango Markets, Stax, and Rabby Swap were relieved of $112 million, $2.36 million, and $200,000 respectively. Decentralized exchange aggregator ParaSwap was also reported to have been hit but has since denied the rumors.
Here's a tweet that should make you shudder...
This time, it isn't bridges being bombed, but just bad "smart" contracts with exploitable loopholes.
Mango $100M Attack: How a Whale Swindled a Solana DeFi Favorite
While the Mango team said that the MNGO price manipulation was exacerbated after oracles updated to show an inflated price for the token, the oracles worked as designed. Contrary to some reports, this was not an oracle-specific attack, but rather a classic example of market manipulation. The whale was able to execute the attack because they had millions of dollars worth of USDC collateral, and they took advantage of the thin trading on the Mango platform. Such attacks can pose a threat to other lending protocols like Mango with similarly low trading activity.
More naive defi, with simple oracles (that are in no way oracular) and low volumes making some protocols very vulnerable to manipulation. This doesn't even need to be a "hack", just a very large stake causing a tsunami in a small pond.
What happened next also shows the vulnerabilities of DAOs.
Posting on the Mango DAO governance forum, the attacker presented a proposal that would see them return the majority of the drained funds if the Mango team agreed to use $70 million worth of USDC from its treasury to repay the protocol’s “bad debt.” If passed, the treasury would go to Mango users who had deposited to the now-drained protocol.
Decentralised governance is wonderful, isn't it!?
Need NewFi - better algorithms and more secure contracts.