DeFi Exploitation Season: Attacks Cost TempleDAO and MangoMarkets Millions

    Simar Marwaha
    Simar Marwaha
    Published on October 12, 2022 4:29 PM

    Updated on January 26, 2023 6:15 AM

    The notification, which indicated that the attacker had moved 1,831 ETH worth around $2.34 million from the protocol, was sent on October 11 by blockchain security company PeckShield.
    DeFi Exploitation Season: Attacks Cost TempleDAO and MangoMarkets Millions

    During the downturn market, crypto-related exploits have increased. TempleDAO, an Ethereum-based decentralized finance (DeFi) yield-farming platform, suffered a loss of almost $2.34 million in the most recent theft on Tuesday, October 12.

    BlockSec and PeckShield, two blockchain security firms, validated the attack and stated that "insufficient access to control to the migrate take function" was the main cause of the breach.

    The majority of the stolen money, which was valued in TEMPLE and FRAX, was transferred into ETH using Stax Finance, a TempleDAO dApp that has since temporarily ceased operations, according to PeckShield. The money that was stolen is currently in a different wallet that was previously funded by Binance.

    In case the hacker "chooses to return the assets and obtain a lawful compensation," Stax has said that it is collaborating with Binance to offer up a white hat incentive. According to DeFiLlama, the entire value trapped in the TempleDAO protocol before the vulnerability was estimated to be over $57 million. 4% of the protocol's assets were lost as a result of the assault.

    $100 million hack targets Solana DeFi Protocol

    A considerably larger breach, this time on the Solana blockchain, resulted in the loss of over $100 million by the DeFi protocol Mango Markets on Tuesday, making it a busy day for DeFi hacks.

    Blockchain auditor OtterSec said in a tweet that it was they who first discovered the problem and that the attacker was able to momentarily "spike up Mango's collateral value and then drew out large loans from the Mango treasury."

    Mango acknowledged the occurrence and stated that customers will not be able to withdraw funds since the issue had "completely drained all equity accessible." Unexpectedly, the hacker said in a governance proposal that they were prepared to refund the various stolen tokens totaling $50 million to the Mango treasury.

    The attacker specified, however, that they would only do so if Mango consented to utilize the remaining $70 million USDC in its treasury to repay all users who had no bad debt. If the idea is approved, the burglar would escape with a cool $70 million and would be shielded from any criminal investigations or the threat of having their money seized.

    The proposal is presently open for voting, which will finish on October 14 at 16:12 UTC. At the time of writing, 99% of users, including the hacker who controls about 0.66% of the whole quantity of MNGO tokens, had voted in support of the proposition. 

    MNGO nearly instantly dropped over 50% after the hack. According to CoinMarketCap, it is presently trading at $0.027, 95% below its all-time high of $0.51.

    Just days prior to the assaults on TempleDAO and Mango Markets, the largest cryptocurrency exchange in the world, Binance, had a vulnerability on its BNB chain that cost it more than $100 million.