A decentralized blockchain Solana has suffered several exploits over two months. While the rest of the market was busy trading digital assets, the Solana network was experiencing a scam through its Phantom wallet. Mango Markets is a decentralized high-performance blockchain having headquarters in Solana, California. It allows investors to trade cryptocurrencies on this blockchain platform that the Mango DAO governs.
As noticed by the investigators, a hacker managed to deploy the capital from the DeFi platform. A blockchain website, OtterSec, also said that the scammer temporarily manipulated the Mango native collateral’s value to withdraw huge loans from the Mango Markets treasury. The attacker successfully deployed a value of over $100 million from Solana.
While the SOL community was investigating the Phantom Wallet scam, the DeFi trading platform Mango Markets lost $100 million. The hackers tricked Solana users by passing them a security upgrade for the Phantom wallet. It was later discovered to be malware formulated to generate crypto coins from users.
The released fake NFTs were in the name of “UPDATEPHANTOM.COM “or “PHANTOMUPDATE.COM” to cheat naive users. Users were given a link stating that the latest security update for the Phantom wallet was released. The update further threatened investors, stating that users who fail to make updates may have to face loss of funds as the hackers have been exploiting the Solana network for the past two months.
As the Solana network has been facing several hacks for a couple of months, it was easy for the investors to get trapped by the recent scam. As soon as the user follows the instructions of a new update, the hacker receives the user’s data like passwords, cookies, history, and SSH keys.
As per reports, the hacker initially funded one 5mm USDC for assurance around 6:19 PM ET. After that, he offered 483 million MNGO units in the Mango Markets. After this, the offender funded a different account with 5M USDC collateral around 6:24 PM ET to purchase the same 483 million MNGO perpetual contracts worth $0.03.
Around about 6.26 PM ET, the attacker began to manipulate the Mango spot market price, making it $0.91 and the 483 million MNGO’s worth $423 M. A credit amount of $116 million was immediately received by the scammer, leaving Mango’s fund with a balance of -116.7 million, which drained the liquidity.
Soon after the scam came to notice, the officials of Mango markets took to Twitter to reach out to their investors and make the community aware of the malware’s functioning. However, in their next tweet, the platform requested users to refrain from depositing money in Mango Markets as a precautionary measure until they announce the resolution.