- DAO forum of Mango Market set to approve $47M settlement with a hacker
- More than 98% of voting tokens respond in the favor of the deal.
- It specifies that Mango Markets will not carry out criminal charges.
On October 11, 2022 Mango Market community followed a $117 Million exploit. As per the Decentralized Finance (DeFi) Protocol Governance Forum, Under this exploit, the Mango Market community made a deal with its hacker to keep around $47 Million as a bug bounty.
The recent update from the Mango Market unwrapped that $67 Million of the slipped tokens will be repaid, and the rest of $47 million will be kept by the hacker. Around 98% of the voters, or ~291 Million tokens, voted in favor of this deal, which also specifies that Mango Markets will not follow criminal charges on the case.
A member of the Mango Market Community posted a Tweet on October 14, 2022 over the development.
Proposal from The Mango Market Community
The voting was estimated to happen on Oct. 15 2022 (which has now passed), in which the proposal stated “The funds sent by you and the mango DAO treasury will be used to cover any remaining bad debt in the protocol. All mango depositors will be made whole. By voting for this proposal, mango token holders agree to pay off the bad debt with the treasury, and waive any potential claims against accounts with bad debt, and will not pursue any criminal investigations or freezing of funds once the tokens are sent back as described above.”
The Hack
The following hack was done by the hacker, who attacked by manipulating the value of the MNGO, native token collateral, and later took out “massive loans” from Mango’s treasury. Then took out the funds and demanded a settlement by filling a proposal on the Mango Market’s Decentralized Autonomous Organization (DAO) Forum asking for $70 Million at that instance.
After that, the hacker voted for this proposal using Millions of stolen tokens from the exploit. And, additionally on Oct. 14, 2022 the proposal passed the required quorum to take place.
Although, it can be seen that in exchange for the settlement, the hacker calls for that users who vote in-favor of the proposal, to agree to wage the bounty, pay-off the bad debt with the treasury, lose the right to any potential claims against accounts with bad debt and also do not engage any criminal investigation or the blocking of funds.
It must be noted that the exploiter rapidly rolled out the MNGO tokens that they seized (around 30M tokens) to vote in favor of their own initial proposal, but did not appear to vote on the later and final proposal, that still closed at a tally of 473M in favor and 16.6M against.
Source: https://www.thecoinrepublic.com/2022/10/16/mango-exploiter-in-the-crypto-community/