October Already Record Month for Hacks and Exploits

BNB funds still up in the air, Mango Markets hacker leaves on-chain trail


Blockworks exclusive art by axel Rangel


key takeaways

  • Hackers have grossed $718 million so far during October, Chainalysis says
  • At least four known exploits targeted DeFi protocols on Oct. 11 alone

The culprit behind the $112 million siphoned from Mango Markets, a decentralized finance trading platform on the Solana blockchain, may have trouble cashing out.

The attacker manipulated the spot price of the Mango governance token (MNGO) on centralized exchanges, then used the inflated coins as collateral to borrow stablecoins, leaving the protocol with bad debt once the price of MNGO returned to Earth.

The exploiter then proposed to return a fraction of the funds via the platform’s governance system. In a curious twist, the exploiter’s address, it emerged, turned out to be the leading “yes” vote for that proposal.

The ill-gotten stablecoins can be traced on the blockchain from Solana to corresponding USD Coin (USDC) transfers on Ethereum. The funds were then swapped through a decentralized exchange to dai (DAI), which removed the risk of being frozen by USDC issuer Circle.

“Circle is investigating the incident in question and will take appropriate action,” a Circle spokesperson told Blockworks.

The Ethereum wallet that received the stolen funds now holds over $30 million in assets, including the ENS domain ponzishorter.eth. The wallet has a long history of NFT and DeFi-related transactions — unusual for a heist of this magnitude, where perpetrators tend to limit links to any potentially identifying information. That may aid law enforcement or exchange investigators seeking to link the address to a real person.

The incident revealed a weakness in Mango Markets’ price oracle, which FTX CEO Sam Bankman-Fried described as a failure of risk management.

Four DeFi hacks in one day

The Mango Markets hack stood out for the large quantity of funds that was stolen. However, it was just one of four attacks on decentralized finance (DeFi) protocols that took place on Oct. 11. In total, approximately $115 million was stolen.

The second-largest exploit targeted TempleDAO, a yield-farming DeFi protocol, resulting in the loss of 1,831 ether, or $2.34 million at press time. 

Stax, a decentralized application powered by TempleDAO, tracked the address of the actor responsible, and in the meantime, cautioned users against making further deposits into STAX contracts.

In third place, layer-1 blockchain QANplatform suffered a bridge hack during which 1.4 billion QANX tokens, or just over $1 million, were drained from the QANX Bridge on both the Binance Smart Chain (BSC) and Ethereum.

The company stated that only the QANX Bridge smart contract deployer wallet was compromised — and that affected QANX token holders will be compensated.

The last target of Oct. 11 was Ethereum wallet service Rabby, which reported an exploit in its smart contract for its Rabby Swap feature that resulted in an approximately $200,000 loss. It is still reportedly tracking the stolen funds.

These attacks all took place days after the exploit of Binance’s BNB Chain that affected the BSC Token Hub — the native cross-chain bridge between BNB Beacon Chain and BNB Smart Chain. The hacker successfully extracted around $100 million before being shut down.

BNB Chain is assessing next steps to upgrade and remedy the vulnerability.

“BNB Chain is less decentralized than Ethereum now, but more decentralized than many others. It will become more and more decentralized as our tech team continues to make progress,” according to a BNB Chain blog post.

It’s been a rough year

The month of October — which is less than halfway through — has recorded the highest value hacked all year — $718 million across 11 different DeFi protocols so far, according to blockchain analytics unit Chainalysis.

Loading Tweet..

The second-highest month was March, due to the Ronin network’s breach for roughly $625 million, or 173,600 ether and 25.5 million USDC — the largest single hack to date. 

Chainalysis suggests that if this trend continues, 2022 will “likely surpass 2021 as the biggest year for hacking on record.”

Last year recorded over 200 hacks and more than $3 billion in losses. This year has already seen 125 hacks as it approaches the $3 billion threshold.

Cross-chain bridges appear to be a major target for hackers, accounting for 82% of losses this month and 64% of losses all year, according to Chainalysis data.

Youwei Yang, chief economist at bitcoin mining company BIT Mining Limited, told Blockworks that the technology behind cross-chain bridges “has to take some time to develop more thoroughly,” and attributes most problems to “the validators that are not that large of a group nor decentralized enough.”

He added that frequent hacks are “another reason why institutional investors — especially old money — are not fully ready to join the crypto force yet.”

Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the On the Margin newsletter.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.


Upcoming Events

Salt Lake City, UT

MON - TUES, OCT. 7 - 8, 2024

Blockworks and Bankless in collaboration with buidlbox are excited to announce the second installment of the Permissionless Hackathon – taking place October 7-8 in Salt Lake City, Utah. We’ve partnered with buidlbox to bring together the brightest minds in crypto for […]

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research Report Templates.png


ZKPs enable efficient offchain transaction processing and validation, resulting in increased throughput and reduced fees. Solana's ZK Compression leverages ZKPs to minimize onchain storage costs, while Sui's zkLogin streamlines user onboarding by replacing complex key management with familiar OAuth credentials.


The crypto asset manager lowered its planned fee from 0.25% to 0.15%, undercutting its competitors


Plus, a look at planned ETH ETF fees and how they differ from their BTC counterparts


North Korea suspected in breach of Indian exchange’s multisig wallet


Plus, Sanctum’s CLOUD token has officially launched — but not without problems


It’s not yet clear whether Donald Trump is pumping bitcoin. But an unofficial memecoin is still seeing benefit.