{"id":9849,"date":"2022-10-15T18:53:00","date_gmt":"2022-10-15T22:53:00","guid":{"rendered":"http:\/\/cryptocornercafe.com\/cafe\/?p=9849"},"modified":"2022-10-15T18:53:00","modified_gmt":"2022-10-15T22:53:00","slug":"mango-madness-exploiter-could-walk-away-with-unparalleled-50m-bug-bounty","status":"publish","type":"post","link":"http:\/\/cryptocornercafe.com\/cafe\/2022\/10\/15\/mango-madness-exploiter-could-walk-away-with-unparalleled-50m-bug-bounty\/","title":{"rendered":"Mango Madness: Exploiter Could Walk Away With Unparalleled ~$50M Bug Bounty"},"content":{"rendered":"

Forget March Madness, Mango Madness is in season this time of year. The Solana-based lending protocol has been a spectacle unlike any other throughout this week, and that\u2019s certainly saying something considering the amount of antics crypto brings to the table on frequent occasion. Since our first covering of<\/a> Mango\u2019s exploit that led to a full-fledged drain of the protocol, things have only gotten more twisted and convoluted.<\/p>\n

Let\u2019s take a look at how things have developed this week and where things go for Mango Markets moving forward.<\/p>\n

A Mango Monstrosity<\/p>\n

Mango\u2019s exploiter has generally been seen in the crypto community as less \u201chacker\u201d and more \u201cmanipulator,\u201d if we\u2019re being frank. Regardless, things got interesting after Tuesday\u2019s exploit when the attacker initiated a governance proposal; that proposal is said to have closed. However, a subsequently-created proposal<\/a> by Mango Markets (which has now passed, as of Saturday morning) is phrased as a bug bounty to make users whole, but it settles Mango with just shy of $70M of their existing $114M balance. That leaves the exploiter with a nearly $50M \u2018bug bounty,\u2019 a strikingly large number compared to any previous bug bounty in crypto and one that has led to a large degree of criticism (look no further than the governance proposal\u2019s comment section for evidence of this).<\/p>\n

The exploiter quickly deployed the MNGO tokens that they seized (roughly 30M tokens) to vote in favor of their own initial proposal, but did not seem to vote on the subsequent and closing proposal \u2013 which nonetheless closed at a tally of 473M in favor and 16.6M against. The exploiter has seemingly gained protection through the proposal as well, as the protocol \u201cwill not pursue any criminal investigations or freezing of funds once the tokens are sent back as described,\u201d according to the proposal\u2019s language.<\/p>\n\n

Mango Markets (MNGO) is looking for stable ground to see if recovery is possible following Tuesday’s exploit. | Source: MNGO-USD on TradingView.com<\/a><\/p>\n

What\u2019s Next<\/p>\n

It\u2019s hard to say where we go from here, and what degree of protection that attacker will actually see. The exploiter has reportedly funded attacking accounts with an FTX wallet, and their degree of protection is up for speculation.<\/p>\n

Regardless, even when you deduct the initial $10M balance that the exploiter introduced into Mango, the protocol is generally giving up a heftier sum then usually seen in these scenarios \u2013 one of the largest in crypto\u2019s history, in fact. We\u2019ll see if the protocol can keep the heartbeat alive and shut down critics in the long run.<\/p>\n

Featured image from Pixabay, Charts from TradingView.com
\nThe writer of this content is not associated or affiliated with any of the parties mentioned in this article. This is not financial advice.
\nThis op-ed represents the views of the author, and may not necessarily reflect the views of Bitcoinist. Bitcoinist is an advocate of creative and financial freedom alike.<\/p>","protected":false},"excerpt":{"rendered":"

<\/p>\n

Forget March Madness, Mango Madness is in season this time of year. The Solana-based lending protocol has been a spectacle unlike any other throughout this week, and that\u2019s certainly saying something considering the amount of antics crypto brings to the table on frequent occasion. Since our first covering of<\/a> Mango\u2019s exploit that led to a full-fledged drain of the protocol, things have only gotten more twisted and convoluted.<\/p>\n

Let\u2019s take a look at how things have developed this week and where things go for Mango Markets moving forward.<\/p>\n

A Mango Monstrosity<\/p>\n

Mango\u2019s exploiter has generally been seen in the crypto community as less \u201chacker\u201d and more \u201cmanipulator,\u201d if we\u2019re being frank. Regardless, things got interesting after Tuesday\u2019s exploit when the attacker initiated a governance proposal; that proposal is said to have closed. However, a subsequently-created proposal<\/a> by Mango Markets (which has now passed, as of Saturday morning) is phrased as a bug bounty to make users whole, but it settles Mango with just shy of $70M of their existing $114M balance. That leaves the exploiter with a nearly $50M \u2018bug bounty,\u2019 a strikingly large number compared to any previous bug bounty in crypto and one that has led to a large degree of criticism (look no further than the governance proposal\u2019s comment section for evidence of this).<\/p>\n

The exploiter quickly deployed the MNGO tokens that they seized (roughly 30M tokens) to vote in favor of their own initial proposal, but did not seem to vote on the subsequent and closing proposal \u2013 which nonetheless closed at a tally of 473M in favor and 16.6M against. The exploiter has seemingly gained protection through the proposal as well, as the protocol \u201cwill not pursue any criminal investigations or freezing of funds once the tokens are sent back as described,\u201d according to the proposal\u2019s language.<\/p>\n

Mango Markets (MNGO) is looking for stable ground to see if recovery is possible following Tuesday’s exploit. | Source: MNGO-USD on TradingView.com<\/a><\/p>\n

What\u2019s Next<\/p>\n

It\u2019s hard to say where we go from here, and what degree of protection that attacker will actually see. The exploiter has reportedly funded attacking accounts with an FTX wallet, and their degree of protection is up for speculation.<\/p>\n

Regardless, even when you deduct the initial $10M balance that the exploiter introduced into Mango, the protocol is generally giving up a heftier sum then usually seen in these scenarios \u2013 one of the largest in crypto\u2019s history, in fact. We\u2019ll see if the protocol can keep the heartbeat alive and shut down critics in the long run.<\/p>\n

Featured image from Pixabay, Charts from TradingView.com
\nThe writer of this content is not associated or affiliated with any of the parties mentioned in this article. This is not financial advice.
\nThis op-ed represents the views of the author, and may not necessarily reflect the views of Bitcoinist. Bitcoinist is an advocate of creative and financial freedom alike.<\/p>\n

<\/p>\n","protected":false},"author":0,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[82],"tags":[],"class_list":["post-9849","post","type-post","status-publish","format-standard","hentry","category-blockchain"],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/posts\/9849","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/types\/post"}],"replies":[{"embeddable":true,"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/comments?post=9849"}],"version-history":[{"count":0,"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/posts\/9849\/revisions"}],"wp:attachment":[{"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/media?parent=9849"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/categories?post=9849"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/cryptocornercafe.com\/cafe\/wp-json\/wp\/v2\/tags?post=9849"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}