October Already Record Month for Hacks and Exploits
BNB funds still up in the air, Mango Markets hacker leaves on-chain trail
Blockworks exclusive art by axel Rangel
key takeaways
- Hackers have grossed $718 million so far during October, Chainalysis says
- At least four known exploits targeted DeFi protocols on Oct. 11 alone
The culprit behind the $112 million siphoned from Mango Markets, a decentralized finance trading platform on the Solana blockchain, may have trouble cashing out.
The attacker manipulated the spot price of the Mango governance token (MNGO) on centralized exchanges, then used the inflated coins as collateral to borrow stablecoins, leaving the protocol with bad debt once the price of MNGO returned to Earth.
The exploiter then proposed to return a fraction of the funds via the platform’s governance system. In a curious twist, the exploiter’s address, it emerged, turned out to be the leading “yes” vote for that proposal.
The ill-gotten stablecoins can be traced on the blockchain from Solana to corresponding USD Coin (USDC) transfers on Ethereum. The funds were then swapped through a decentralized exchange to dai (DAI), which removed the risk of being frozen by USDC issuer Circle.
“Circle is investigating the incident in question and will take appropriate action,” a Circle spokesperson told Blockworks.
The Ethereum wallet that received the stolen funds now holds over $30 million in assets, including the ENS domain ponzishorter.eth. The wallet has a long history of NFT and DeFi-related transactions — unusual for a heist of this magnitude, where perpetrators tend to limit links to any potentially identifying information. That may aid law enforcement or exchange investigators seeking to link the address to a real person.
The incident revealed a weakness in Mango Markets’ price oracle, which FTX CEO Sam Bankman-Fried described as a failure of risk management.
Four DeFi hacks in one day
The Mango Markets hack stood out for the large quantity of funds that was stolen. However, it was just one of four attacks on decentralized finance (DeFi) protocols that took place on Oct. 11. In total, approximately $115 million was stolen.
The second-largest exploit targeted TempleDAO, a yield-farming DeFi protocol, resulting in the loss of 1,831 ether, or $2.34 million at press time.
Stax, a decentralized application powered by TempleDAO, tracked the address of the actor responsible, and in the meantime, cautioned users against making further deposits into STAX contracts.
In third place, layer-1 blockchain QANplatform suffered a bridge hack during which 1.4 billion QANX tokens, or just over $1 million, were drained from the QANX Bridge on both the Binance Smart Chain (BSC) and Ethereum.
The company stated that only the QANX Bridge smart contract deployer wallet was compromised — and that affected QANX token holders will be compensated.
The last target of Oct. 11 was Ethereum wallet service Rabby, which reported an exploit in its smart contract for its Rabby Swap feature that resulted in an approximately $200,000 loss. It is still reportedly tracking the stolen funds.
These attacks all took place days after the exploit of Binance’s BNB Chain that affected the BSC Token Hub — the native cross-chain bridge between BNB Beacon Chain and BNB Smart Chain. The hacker successfully extracted around $100 million before being shut down.
BNB Chain is assessing next steps to upgrade and remedy the vulnerability.
“BNB Chain is less decentralized than Ethereum now, but more decentralized than many others. It will become more and more decentralized as our tech team continues to make progress,” according to a BNB Chain blog post.
It’s been a rough year
The month of October — which is less than halfway through — has recorded the highest value hacked all year — $718 million across 11 different DeFi protocols so far, according to blockchain analytics unit Chainalysis.
The second-highest month was March, due to the Ronin network’s breach for roughly $625 million, or 173,600 ether and 25.5 million USDC — the largest single hack to date.
Chainalysis suggests that if this trend continues, 2022 will “likely surpass 2021 as the biggest year for hacking on record.”
Last year recorded over 200 hacks and more than $3 billion in losses. This year has already seen 125 hacks as it approaches the $3 billion threshold.
Cross-chain bridges appear to be a major target for hackers, accounting for 82% of losses this month and 64% of losses all year, according to Chainalysis data.
Youwei Yang, chief economist at bitcoin mining company BIT Mining Limited, told Blockworks that the technology behind cross-chain bridges “has to take some time to develop more thoroughly,” and attributes most problems to “the validators that are not that large of a group nor decentralized enough.”
He added that frequent hacks are “another reason why institutional investors — especially old money — are not fully ready to join the crypto force yet.”
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.
Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.
The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.
