Mango Treasury Hack: Culprit Offers a Settlement
The hacker has already received death threats for his/her settlement proposal.
Another crypto heist worth millions took place in the crypto-verse.
On Oct.12 a Solana-based DeFi platform the Mango Treasury reported a hack, as a result of which the culprit drained just over $100 million from Mango via an oracle price manipulation.
“We are taking steps to have third parties freeze funds in flight,” the company tweeted, adding that it is disabling deposits on the front end as a precaution and will keep the audience updated as the situation develops while asking others to contact them via [email protected] to discuss a bounty for the return of funds.
In an unexpected twist, just one day later the hacker published a message on the Mango Markets decentralized autonomous organization governance forum offering a settlement, saying “hi all” and “that the mango treasury has about 70M USDC available to repay bad debt.”
I propose the following. If this proposal passes, I will send the MSOL, SOL, and MNGO in this account to an address announced by the mango team. The mango treasury will be used to cover any remaining bad debt in the protocol, and all users without bad debt will be made whole. Any bad debt will be viewed as a bug bounty/insurance, paid out of the mango insurance fund,reads part of the message.
The hacker added that should this proposal get the green light, it would mean that the mango token holders agree to pay this bounty and pay off the bad debt with the treasury and waive any potential claims against accounts with bad debt. They would also agree not to pursue any criminal investigations or freeze funds once the tokens are sent back, as per the exploiter’s plan.
S/he also supported his own proposal using millions of tokens stolen from the exploit, albeit failing to hit the desired quorum. The vote is ongoing press-time.
The community’s reaction was expectedly extremely negative. One user wrote, "you're disgusting. What you did is wrong in every way possible. The responsible thing to do would have been to disclose the vulnerability to the team, NOT EXPLOIT IT. I hope the law enforcement community shows you ZERO MERCY."
Another user was even more vocal, promising death threats and torture, adding that “there is no quick or painless death for your type.”
The latest hack is just one of the many in the crypto-verse. On Oct.11 the QANplatform blockchain also suffered from an exploit, with hackers draining around $1.89 million worth of its native QANX token.
Just several days before that, the BNB Smart Chain was hacked.
Previously, GNCrypto explained how to protect your Sol and USDC.