Following a $117 million exploit on Oct. 11, the Mango Markets community is willing to settle with its hacker, allowing him to keep $47 million as a reward for the bug, according to the decentralized finance protocol governance forum. (DeFi).
The proposed terms reveal that $67 million of the stolen tokens will be returned, while $47 million will be kept by the hacker. 98% of voters, or 291 million tokens, have voted in favor of the settlement, which also stipulates that Mango Markets will not file criminal charges in the case.
Once a quorum is reached, the vote is likely to take place on October 15. The proposal stated:
“The funds sent by you and the Mango DAO treasury will be used to cover any remaining debt in the protocol. All mango depositors will be compensated. By voting in favor of this proposal, Mango token holders agree to pay the bad debt with treasury, and waive any potential claims against bad debt accounts, and will not pursue any criminal investigation or freezing of funds once the tokens are returned as described above.”
On Twitter, members of the community reacted to the news:
Mango hacker securing himself a ~$47m bug bounty.
Biggest crypto bounty by far?
The current bounty going rate of 10% of exploited funds is going to need to be repriced lmao. pic.twitter.com/FcHkEbwY7u
— Hsaka (@HsakaTrades) October 14, 2022
The proposal has also been questioned in the governance forum, as one voter has said:
“I 100% agree that the top priority is to recover user funds as soon as possible, but a $50 million ‘bug bounty’ is ridiculous. At most, the exploiter should recover their costs ($15 million? ?) plus $10 million. A $10 million whitehat reward is what was offered to the $600 million WorthWhole hacker. Mango can do better than this, especially considering the exploiter is essentially doxed.” .
The hacker carried out the attack by manipulating the collateral value of the native MNGO token, and then taking out “mass loans” from Mango’s treasury. After draining the funds, the hacker demanded a settlement, filling out a proposal on Mango’s decentralized autonomous organization (DAO) forum asking for $70 million at the time.
Furthermore, the hacker has voted in favor of this proposal using millions of tokens stolen from the exploit. On October 14, the proposal reached the necessary quorum to be approved. In exchange for the settlement, the hacker asks that users who vote in favor of the proposal agree to pay the reward, settle the bad debt with the treasury, waive any potential claim against bad debt accounts, and not carry conduct any criminal investigation or freeze your funds.
Clarification: The information and/or opinions expressed in this article do not necessarily represent the views or editorial line of Cointelegraph. The information set forth herein should not be taken as financial advice or investment recommendation. All investment and commercial movement involve risks and it is the responsibility of each person to do their due research before making an investment decision.
Investments in crypto assets are not regulated. They may not be suitable for retail investors and the full amount invested may be lost. The services or products offered are not aimed at or accessible to investors in Spain.