Decentralized Solana-based trading platform Mango reportedly hit by $100 million exploit

October 12, 2022, 12:59 AM UTC
Illustration by Fortune

Mango Markets, a decentralized trading platform on the Solana blockchain, looks to be the latest victim of a massive hack within the crypto realm.

On Tuesday evening, Mango noted on Twitter that there was “an incident” involving an attacker draining funds. By Wednesday at 12:30 a.m. ET, Mango concluded that market manipulation had allowed the attacker to extract “around $100 million at the time.”

“As of now any Mango users with deposits on the protocol are not able to withdraw assets; This incident has effectively resulted in a total draining of all equity available,” Mango tweeted.

Blockchain audit firm OtterSec also noted that it appeared an attacker “manipulated the price of MNGO up across a number of exchanges, borrowing against their unrealized MNGO gains to drain the protocol.”

OtterSec and Mango both contend that this wasn’t an issue with Solana oracles, and note that prices were manipulated on exchanges.

After the incident, the attacker then made a Mango governance proposal to ask for Mango token holders to waive any criminal investigation, provide a bounty, and waive any “bad debt” on the protocol. As of Wednesday morning, the vote is 99% yes, with 33,254,078 in favor.

Fortune reached out to Mango and Solana for comment but didn’t immediately hear back.

This potential exploit is among a string of hacks to hit the crypto ecosystem recently—there were multiple hacks just on Tuesday, and last week, a bridge used by crypto exchange Binance was hacked for about $100 million.

The Solana ecosystem has had a particularly rough year: The blockchain itself has dealt with multiple outages, degraded performance, and network instability. On Sept. 30, for example, Solana had a major outage that took hours to recover from. Solana-based applications have experienced security issues as well, including the recent $5 million Slope Wallet hack.

This story has been updated to reflect the amount extracted during the exploit and to add details on what happened from Mango and OtterSec.

Sign up for the Fortune Features email list so you don’t miss our biggest features, exclusive interviews, and investigations.