Cryptocurrency hacks are a common occurrence with at least $718 million stolen so far in October alone.
Which raised last year’s total balance of $3 billion and put 2022 on track to be a record for total value hacked, according to Blockchain Chainalysis Inc.
After the platform promised not to prosecute the hackers or freeze the funds, as more than 100 million dollars were stolen in a theft operation, a hacker got 50 million dollars in the theft of Mango DeFi
In detail, the Mango DAO community on Saturday recovered a portion of about $100 million stolen this week after allowing the hacker to keep about $50 million in funds.
$67M in various crypto assets have been returned to the DAO. Let’s meet up on Monday 3 PM UTC on the Mango discord to discuss, how we can sort out this mess.
— Mango (@mangomarkets) October 15, 2022
The settlement concludes several days of tense negotiations between the hacker and Mango, which are governed by a community of token holders who vote on any changes.
Shortly after the theft, the hacker posted a proposal on the Application Governance Forum demanding that bad debts be cleared on the platform – a deal that was not approved by the majority of Mango token holders even after the hacker voted for it with some of the stolen tokens.
Mango then posted a counteroffer, offering to let the hacker hold about $50 million to return the rest of the money with the promise of no criminal prosecution and erasure of bad debts.
We hopefully all agree that development speed should not sacrifice safety, hence there is no concrete timeline for when protocol users will regain access to their funds.
— Mango (@mangomarkets) October 15, 2022
Money back
“We’ve received a notification of the refund,” Mango’s Maximilian Schneider said in a Discord message. Community members are expected to meet to discuss how to return the $67 million to users, with plans to be voted on next week, according to Mango’s Twitter.
In a series of tweets on Saturday, someone took responsibility for the hack, saying that he “shared a very profitable trading strategy with a team last week” on Mango.
“I believe all of our actions were legal proceedings open to the market, using the protocol as designed, even if the development team didn’t fully anticipate all the consequences of setting standards the way they are,” according to the account claiming to be Avraham Eisenberg.
The Mango followers reaction mostly was like this below, seems feel suspicious of this hack!
Like this if you feel suspicious of this hack pic.twitter.com/hkryQ1syCj
— pwn (@__pwn__) October 15, 2022
Biggest return in a year
When accessed on Twitter, the user did not immediately provide proof of his identity.. Schneider of Mango noted that the tweet came from the hacker, saying he did not agree that the actions were legal.
The payout will probably be the biggest ever for hackers in over a year.
Earlier, PolyNetwork offered an attacker who drained $610 million from the platform a job and a reward in return for the money, which was eventually compensated.
The rewards can run into the millions – but they are usually given to programmers who point out vulnerabilities, not to hackers who steal money.
Obvious failure
“This is a clear failure of secure governance,” said Michael Leolin, head of solutions engineering at Cryptographic Security Provider OpenZeppelin.
If an attacker manages to steal enough tokens to vote himself a reward, it sends a signal that DAOs can be successfully hacked using the stolen tokens to avoid repercussions.
What happened?
In the Mango heist, two accounts funded by the US dollar stablecoin took large positions in the Mango perpetual futures contract, causing the price of the Mango token to rise.
The price jump led to an unrealized profit on the futures contract, as the attacker used it to borrow and withdraw about $100 million, leaving depositors with nothing.
According to DeFi Llama, a hacker stole more than 10% of the total value locked onto the Solana blockchain that Mango relies on.
It is unclear how much the hacker would benefit from the hack, as the attacker invested millions in carrying out the attack.
Cryptocurrency hacks are common, with at least $718 million stolen so far in October alone, raising last year’s $3 billion total balance and putting 2022 on track to be a record total for the total value hacked, according to Blockchain Specialist Chainalysis. Inc.