October Already Record Month for Hacks and Exploits

BNB funds still up in the air, Mango Markets hacker leaves on-chain trail

article-image

Blockworks exclusive art by axel Rangel

share

key takeaways

  • Hackers have grossed $718 million so far during October, Chainalysis says
  • At least four known exploits targeted DeFi protocols on Oct. 11 alone

The culprit behind the $112 million siphoned from Mango Markets, a decentralized finance trading platform on the Solana blockchain, may have trouble cashing out.

The attacker manipulated the spot price of the Mango governance token (MNGO) on centralized exchanges, then used the inflated coins as collateral to borrow stablecoins, leaving the protocol with bad debt once the price of MNGO returned to Earth.

The exploiter then proposed to return a fraction of the funds via the platform’s governance system. In a curious twist, the exploiter’s address, it emerged, turned out to be the leading “yes” vote for that proposal.

The ill-gotten stablecoins can be traced on the blockchain from Solana to corresponding USD Coin (USDC) transfers on Ethereum. The funds were then swapped through a decentralized exchange to dai (DAI), which removed the risk of being frozen by USDC issuer Circle.

“Circle is investigating the incident in question and will take appropriate action,” a Circle spokesperson told Blockworks.

The Ethereum wallet that received the stolen funds now holds over $30 million in assets, including the ENS domain ponzishorter.eth. The wallet has a long history of NFT and DeFi-related transactions — unusual for a heist of this magnitude, where perpetrators tend to limit links to any potentially identifying information. That may aid law enforcement or exchange investigators seeking to link the address to a real person.

The incident revealed a weakness in Mango Markets’ price oracle, which FTX CEO Sam Bankman-Fried described as a failure of risk management.

Four DeFi hacks in one day

The Mango Markets hack stood out for the large quantity of funds that was stolen. However, it was just one of four attacks on decentralized finance (DeFi) protocols that took place on Oct. 11. In total, approximately $115 million was stolen.

The second-largest exploit targeted TempleDAO, a yield-farming DeFi protocol, resulting in the loss of 1,831 ether, or $2.34 million at press time. 

Stax, a decentralized application powered by TempleDAO, tracked the address of the actor responsible, and in the meantime, cautioned users against making further deposits into STAX contracts.

In third place, layer-1 blockchain QANplatform suffered a bridge hack during which 1.4 billion QANX tokens, or just over $1 million, were drained from the QANX Bridge on both the Binance Smart Chain (BSC) and Ethereum.

The company stated that only the QANX Bridge smart contract deployer wallet was compromised — and that affected QANX token holders will be compensated.

The last target of Oct. 11 was Ethereum wallet service Rabby, which reported an exploit in its smart contract for its Rabby Swap feature that resulted in an approximately $200,000 loss. It is still reportedly tracking the stolen funds.

These attacks all took place days after the exploit of Binance’s BNB Chain that affected the BSC Token Hub — the native cross-chain bridge between BNB Beacon Chain and BNB Smart Chain. The hacker successfully extracted around $100 million before being shut down.

BNB Chain is assessing next steps to upgrade and remedy the vulnerability.

“BNB Chain is less decentralized than Ethereum now, but more decentralized than many others. It will become more and more decentralized as our tech team continues to make progress,” according to a BNB Chain blog post.

It’s been a rough year

The month of October — which is less than halfway through — has recorded the highest value hacked all year — $718 million across 11 different DeFi protocols so far, according to blockchain analytics unit Chainalysis.

Loading Tweet..

The second-highest month was March, due to the Ronin network’s breach for roughly $625 million, or 173,600 ether and 25.5 million USDC — the largest single hack to date. 

Chainalysis suggests that if this trend continues, 2022 will “likely surpass 2021 as the biggest year for hacking on record.”

Last year recorded over 200 hacks and more than $3 billion in losses. This year has already seen 125 hacks as it approaches the $3 billion threshold.

Cross-chain bridges appear to be a major target for hackers, accounting for 82% of losses this month and 64% of losses all year, according to Chainalysis data.

Youwei Yang, chief economist at bitcoin mining company BIT Mining Limited, told Blockworks that the technology behind cross-chain bridges “has to take some time to develop more thoroughly,” and attributes most problems to “the validators that are not that large of a group nor decentralized enough.”

He added that frequent hacks are “another reason why institutional investors — especially old money — are not fully ready to join the crypto force yet.”


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

recent research

LTIPPanalysis.png

Research

This report is a retroactive analysis of Arbitrum's Long Term Incentives Pilot Program (LTIPP). We collect relevant data at a protocol level and review bi-weekly updates to analyze recipients, their strategies, and the impact of the incentives on high level growth metrics. In particular, we want to highlight outperformers and underperformers, and glean any best practices or lessons learned for protocols distributing ARB incentives in the future. The overarching goal is to synthesize lessons learned that the DAO can reference as it begins thinking about future incentives programs–namely, the working group for incentives that is being actively discussed–especially as Timeboost introduces new conditions for trading and economic activity.

article-image

OFAC sanctioned Tornado Cash in 2022, claiming the mixer had been used to launder more than $7 billion in crypto

article-image

The Fed’s preferred inflation gauge showed that prices increased 0.2% from September and 2.3% annually

article-image

While acknowledging potential headwinds for risk assets, Galaxy’s Alex Thorn notes there are also plenty of catalysts

article-image

BuilderNet is a new block building network designed to return more MEV and gas fees to users

article-image

Ledn’s John Glover gives some price targets to watch for bitcoin

article-image

Sponsored

AI project Zerebro intersects the spheres of artificial intelligence, finance, art, music, and culture