Mango Hackers Use Stolen Funds to Swing DAO Vote

  • The hackers behind the Mango Markets exploit used stolen funds to swing a DAO vote in their favour
  • They proposed returning a portion of the stolen funds if the DAO promised not to pursue criminal charges
  • They then voted with a large share of the stolen MNGO tokens to swamp the vote in their favour

The hackers who drained the Solana-based exchange Mango Markets have used the stolen funds to all but assure that they will not face legal action if they return a portion of them. The farcical situation was possible because of the decentralised voting method employed by DAOs: users vote with whatever number of governance tokens they hold, rather than under a ‘one address, one vote’ system. This means that the hackers, who late yesterday stole $100 million worth of tokens, were able to use the huge wealth suddenly at their disposal to tip the vote in their favour.

$100 Million Stolen Through Oracle Price Manipulation

Mango Markets warned users of the exploit late last night, stating that a hacker had been able to “drain funds from Mango via an oracle price manipulation”. Security firm Ottersec reported that the hackers had “temporarily spiked up their (Mango Markets’) collateral value, and then took out massive loans from the Mango treasury.” In other words, the attackers pushed up the price that the protocol’s oracle reported for their collateral, so the protocol valued that collateral far above what the market would actually pay for it and lent against the inflated figure. The loans drained roughly $100 million worth of BTC, USDT, SOL, mSOL and USDC from the Mango protocol.
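To show why an inflated oracle price turns directly into an oversized loan, here is an added Python model of a toy lending pool. It is not Mango’s code and not a reconstruction of the actual exploit: it puts a spot-price oracle that trusts the last trade beside a time-weighted average (TWAP) oracle with a deviation circuit breaker, and runs the same pumped trade through both. Every figure (a 1,000-token collateral position priced at 0.03, one manipulated trade at 0.90, a 100-unit treasury, an 80% loan-to-value limit, a 10-sample window and a 20% deviation cap) is constructed for illustration.

```python
from collections import deque
from statistics import mean


class SpotOracle:
    """Reports the latest trade price unchanged.

    On a thinly traded market one large buy moves this price at once, so a
    protocol that values collateral with it can be fed any number the
    attacker likes."""

    def __init__(self, price: float) -> None:
        self.price = price

    def update(self, trade_price: float) -> None:
        self.price = trade_price

    def safe_to_lend(self) -> bool:
        return True  # no plausibility check at all


class TwapOracle:
    """Averages the last `window` observations (a simple TWAP) and pauses
    lending when the newest trade sits more than `max_deviation` away from
    that average, instead of trusting the outlier."""

    def __init__(self, price: float, window: int = 10, max_deviation: float = 0.2) -> None:
        self.history = deque([price] * window, maxlen=window)  # seeded with a calm market
        self.latest = price
        self.max_deviation = max_deviation

    def update(self, trade_price: float) -> None:
        self.latest = trade_price
        self.history.append(trade_price)

    @property
    def price(self) -> float:
        return mean(self.history)

    def safe_to_lend(self) -> bool:
        return abs(self.latest - self.price) / self.price <= self.max_deviation


class LendingPool:
    """Minimal pool: an account may borrow up to `max_ltv` of its collateral
    value, and collateral value is whatever the oracle says it is."""

    def __init__(self, oracle, treasury: float, max_ltv: float = 0.8) -> None:
        self.oracle = oracle
        self.treasury = treasury
        self.max_ltv = max_ltv

    def borrow_capacity(self, collateral_units: float, debt: float) -> float:
        if not self.oracle.safe_to_lend():
            return 0.0  # circuit breaker tripped: no new loans at all
        value = collateral_units * self.oracle.price
        return max(0.0, value * self.max_ltv - debt)

    def borrow(self, collateral_units: float, debt: float, amount: float) -> float:
        """Lend `amount` from the treasury; returns the account's new debt."""
        if amount > self.borrow_capacity(collateral_units, debt):
            raise ValueError("insufficient collateral")
        if amount > self.treasury:
            raise ValueError("treasury exhausted")
        self.treasury -= amount
        return debt + amount


def run_attack(oracle_cls) -> tuple[float, float, float]:
    """Constructed scenario (not Mango's figures): the attacker posts 1,000
    units of a token trading at 0.03, pumps one trade to 0.90 (30x), then
    borrows as much as the pool will give. Returns (capacity before,
    capacity after, amount actually drained)."""
    oracle = oracle_cls(0.03)
    pool = LendingPool(oracle, treasury=100.0)
    collateral, debt = 1000.0, 0.0
    before = pool.borrow_capacity(collateral, debt)
    oracle.update(0.90)  # the manipulated trade
    after = pool.borrow_capacity(collateral, debt)
    drained = min(after, pool.treasury)
    if drained > 0:
        pool.borrow(collateral, debt, drained)
    return round(before, 2), round(after, 2), round(drained, 2)


if __name__ == "__main__":
    print("spot oracle:", run_attack(SpotOracle))  # (24.0, 720.0, 100.0)
    print("twap oracle:", run_attack(TwapOracle))  # (24.0, 0.0, 0.0)
```

Under the spot oracle the single pumped trade lifts the attacker’s borrowing capacity from 24 to 720 and the entire 100-unit treasury goes out the door; under the TWAP the same trade trips the circuit breaker and capacity falls to zero until the price settles back inside the band. Averaging alone only slows an attacker who can keep the price pinned for the length of the window, so a real deployment would also cap how much collateral weight a single thinly traded market may carry.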

Just hours later, the hackers submitted a proposal to the Mango Markets DAO: they would return a portion of the stolen funds which, together with what remained in the Mango Markets treasury, would be enough to make users whole. In return, they wanted assurances that no criminal action would be taken against them.

Hackers Secured Vote With Stolen Funds

In a twist that few could have seen coming, when the vote went live the hackers voted ‘yes’ with 32 million MNGO tokens, dramatically swinging the vote in their favour and making the outcome all but impossible to overturn.

This is possible because DAO votes are not based on a one-vote-per-person system or anything equivalent: anyone may vote with any amount of governance tokens in their possession, regardless of how those tokens were obtained or what the voter’s motives are. It is akin to a democracy in which votes are weighted by wealth, where the more money you have, the more you can influence elections.
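An added illustration of the tallying rules described above, using constructed votes and balances rather than real Mango DAO data (none of the addresses or balances below come from the page; the 32 million figure is reused only as the attacker’s assumed voting weight): the same five votes are counted token-weighted against balances at vote time, token-weighted against a snapshot taken before the exploit, and one address, one vote, with and without the attacker splitting into fresh addresses.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Vote:
    voter: str
    choice: str  # "yes" or "no"


# Constructed data: four community voters plus the attacker's address.
VOTES = [
    Vote("alice", "no"),
    Vote("bob", "no"),
    Vote("carol", "no"),
    Vote("dave", "yes"),
    Vote("attacker", "yes"),
]

# Governance-token balances at vote time (illustrative figures); the attacker's
# balance is the assumed stolen-token weight.
BALANCES_AT_VOTE = {
    "alice": 1_000_000,
    "bob": 2_000_000,
    "carol": 3_000_000,
    "dave": 500_000,
    "attacker": 32_000_000,
}

# The same balances snapshotted at a block before the exploit: the attacker
# held nothing yet.
BALANCES_PRE_EXPLOIT = {**BALANCES_AT_VOTE, "attacker": 0}


def tally_token_weighted(votes, balances):
    """Each vote counts for the voter's balance in the given snapshot."""
    totals = Counter({"yes": 0, "no": 0})
    for v in votes:
        totals[v.choice] += balances.get(v.voter, 0)
    return dict(totals)


def tally_one_address_one_vote(votes):
    """Each distinct address counts once, regardless of holdings."""
    seen = set()
    totals = Counter({"yes": 0, "no": 0})
    for v in votes:
        if v.voter in seen:
            continue
        seen.add(v.voter)
        totals[v.choice] += 1
    return dict(totals)


def with_sybil_split(votes, voter, n):
    """Replace `voter`'s single vote with n votes cast from fresh addresses:
    the cheap counter-move against one-address-one-vote."""
    choice = next(v.choice for v in votes if v.voter == voter)
    rest = [v for v in votes if v.voter != voter]
    return rest + [Vote(f"{voter}_{i}", choice) for i in range(n)]


def outcome(totals):
    return "passes" if totals["yes"] > totals["no"] else "fails"


def compare():
    """Outcome of the same proposal under each counting rule."""
    return {
        "token_weighted_at_vote": outcome(tally_token_weighted(VOTES, BALANCES_AT_VOTE)),
        "token_weighted_pre_exploit_snapshot": outcome(
            tally_token_weighted(VOTES, BALANCES_PRE_EXPLOIT)
        ),
        "one_address_one_vote": outcome(tally_one_address_one_vote(VOTES)),
        "one_address_one_vote_after_sybil_split": outcome(
            tally_one_address_one_vote(with_sybil_split(VOTES, "attacker", 10))
        ),
    }


if __name__ == "__main__":
    for rule, result in compare().items():
        print(f"{rule}: {result}")
```

The token-weighted tally passes the proposal because the stolen balance outweighs everyone else combined; a snapshot taken at a block before the exploit gives the attacker no weight, and the proposal fails. The one-address-one-vote rule that the democracy analogy points at also fails the proposal, but only until the attacker spreads the same tokens across ten fresh addresses, which is exactly why on-chain DAOs weight by tokens in the first place. The practical defences are therefore snapshots and vote-locking periods that predate a suspicious balance change, plus a time lock and an emergency veto between a vote passing and its execution.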

This situation is one example of why DAOs are not yet fit for mass adoption; more work needs to be done on the governance model to prevent such situations from becoming widespread.
