Wednesday, November 9, 2022

DeFi Exploit Season, TempleDAO and MangoMarkets Lose Millions in Attacks

It must be the season of decentralized finance (DeFi) exploits as there have been three attacks over the past 24 hours.


Reports are emerging this morning of an attack on the TempleDAO yield farming protocol. The alert came in from blockchain security firm PeckShield on Oct. 11, stating that the attacker had transferred 1,831 ETH worth around $2.34 million from the protocol.

Details are thin on the ground at the moment, but the exploit appears to have involved STAX and FRAX, which were part of its staking vaults. The liquidity provider smart contract for STAX was exploited, resulting in losses, according to Paladin Blockchain Security.

Mango Markets Mauled
The loss of $2.3 million was dwarfed by the amount pilfered from the Solana-based Mango Markets DeFi derivatives platform a few hours later.

On Oct. 12, Mango Markets reported that it had suffered an exploit due to an attacker manipulating an oracle price and draining liquidity. As much as $100 million appears to have been pilfered in the hack.

What actually occurred was a self-funded economic attack with the exploiter loading up an account with $5.5 million USDC. They then used this to take out a perpetual futures contract for the MNGO token and traded against it. This manipulated the price of MNGO upwards, allowing the attacker to take out Mango treasury loans and drain the liquidity before it crashed.


Blockchain security firm OtterSec was one of the first to report and explain the exploit, which did not involve flash loans.

The attacker has since opened a Mango DAO governance proposal that all bad debts be paid from the $70 million treasury for a return of the stolen tokens and a bounty for the perpetrator.

MNGO token prices have dumped around 50% since the attack, and there is little liquidity left in the protocol to settle outstanding derivative contracts.

QANplatform Hacked
The third attack to occur over the past day was a bridge exploit on the QANplatform. As reported by CryptoPotato on Oct. 11, around $1 million was stolen from the quantum-resistant layer-1 blockchain causing its QANX token price to collapse.

Almost half of the protocol’s token supply of 3.3 billion was stolen in this latest bridge attack.

The three exploits come less than a week after BNB Chain was drained for as much as $500 million forcing the company to freeze the network.

No comments:

Post a Comment