Solana ecosystem DeFi platform Mango has released a detailed report of the attack and suggests that the most constructive way to approach this is to continue communicating with the hacker to attempt to resolve the issues amicably.
According to Mango, around 22:00 UTC on October 11th the protocol had an incident involving the following: 2 accounts funded with USDC took an outsized position in MNGO-PERP and the underlying MNGO/USD prices on various exchanges (FTX, Ascendex) experienced a 5-10x price increase in a matter of minutes. This led to Switchboard and Pyth oracles updating their MNGO benchmark price to $0.15+. This further caused a mark-to-market increase in the value of the account that was long MNGO-PERP from the unrealized profit, which allowed the account to borrow and withdraw BTC (sollet), USDT, SOL, mSOL, USDC out of the Mango protocol. This maxed out the borrows available from the $190 million equivalent deposits on the platform. The net value extracted by the account was around $100 million equivalent at the time. At 02:37 UTC on October 12th, the Mango program instructions were frozen to prevent any users from further interacting with the protocol.
Currently, Mango DAO's priorities are to prevent any further unnecessary losses, make sure depositors of the Mango protocol are made whole, and try and salvage some value in Mango DAO and protocol.
Previously, blockchain security agency OtterSec tweeted that the DeFi platform Mango had been hit by a potential $100 million attack. In response, Mango said its team was investigating the attack and taking steps to have third parties freeze funds in flight, as well as disabling deposits on the front end. Subsequently, Solana-based algorithmic stablecoin protocol UXD Protocol said that it was affected by nearly $20 million in the Mango attack and that its insurance fund has more than enough capital to cover losses. Solana ecosystem yield aggregator platform Tulip Protocol said that the funds affected in this attack were about $2.5 million and said the team has enough funding to backstop the losses if necessary.
So far, PeckShieldAlert has monitored that the Mango exploiter has transferred 57.5 million $USDC to a new address.