Discover more from Web3 Pills
💊 Mango Markets exploited for $100 million
Welcome to Web3 pills, the daily crypto newsletter that’s here to remind you that we are (still) gonna make it…WASGMI.
Here are your 💊’s for today:
Mango Markets exploited for $100 million
SEC opens investigation into Bored Apes
NFT of the day
MANGO MARKETS EXPLOITED FOR $100 MILLION
This bear market has provided a major stress test for crypto projects. With liquidity drying up, and pressure rising on devs, we’ve seen a large number of projects failing these tests.
Yesterday alone, saw four DeFi hacks accounting for $115 million! The vast majority of funds stolen came from a single exploit on a protocol called Mango Markets.
For those that are unfamiliar, Mango is one of the leading decentralized exchanges on the Solana network. In fact, the hack of Mango accounted for close to 10% of the entire DeFi TVL on Solana. 🤯
Here is a breakdown of how the attack went down according to the Mango team:
The attackers opened 2 accounts funded with USDC and took a massive position in the MNGO-PERP pool.
They were then able to manipulate the price of MNGO/USD on FTX & Ascendex to be 5-10x higher. This was possible due to low trading volume on the asset.
This caused the price feed oracles (powered by Switchboard and Pyth) to temporarily spike the value of MNGO to $0.15.
This in turn caused an artificial spike in the value of the accounts with the MNGO-PERP position.
They were then able to borrow against this artificially inflated position to withdraw BTC (wrapped), USDT, SOL, mSOL and USDC out of the Mango protocol. By the time the hacker was done, their withdrawals equated to $100 million+ extracted from the protocol.
Once the Mango team realized what was happening, they froze the entire platform to prevent further damage, but at that point it was already too late.
In many ways, the drama only began with the exploit. In the aftermath, there has already been a wild sequence of events. Most notably, the attackers went into the governance forum for Mango and made a proposal to return a portion of the funds in return for a bounty and the DAO committing to not pursue criminal investigations.
What is most absurd about this entire proposal, was that most of the ‘Yes’ votes in favor of it, were actually placed by the attackers themselves with funds from the exploit!
On the one hand, this situation has become almost comical and feels like an entertaining scene out of a movie. On the other hand, it shows just how immature the Web3 industry still is. Mango Markets was a “top” DeFi protocol built on the 6th largest blockchain by market cap, Solana.
The fact that they were able to suffer this large of an attack reflects poorly on the entire DeFi space. How can participants have confidence when a massive DeFi attack seems to happen every week?
Not to mention, there are a lot of important questions being asked in regards to who was behind this. It’s an open secret in crypto, that some nefarious developers and/or auditors, intentionally leave behind exploitable code. Some have been speculating whether or not this was an inside job of some sort.
While I think it’s dangerous to speculate to that degree right now, it is worth pointing out that this exact vulnerability was laid out in the Mango Markets Discord back in March 👇
At best, the team knew about this vulnerability and did not move quick enough to address it. At worst, there was foul play within the core team and/or the auditors.
Either way, the DeFi space needs to clean up it’s act and FAST... while there is still some TVL left.
SEC OPENS INVESTIGATION INTO BORED APES
SEC Chairman Gary Gensler has been waging a war on crypto, and this time, he has locked his eyes on a new target. Yesterday it was announced that Yuga Labs, the creator of the iconic Bored Ape Yacht Club NFT collection, was being probed by the SEC as to whether its sale of NFTs violates federal law.
This is shaping up to be a massive case, as it could very well be the case that decides once and for all, whether or not NFTs are securities. If the ruling goes in favor of the SEC, then this could spell trouble for the entire NFT market.
However, if there is any project in the NFT ecosystem that is well positioned to win this case, it’s Yuga Labs. For starters, Yuga has a massive war chest including a raise of $450 million as recently as March. This will give them the funds they need to hire the best lawyers to fight the case.
In addition, Yuga Labs is one of the most organized and well-run projects in the entire NFT space. This means that they were much more likely to have made the right set of decisions, to make their NFTs and fungible tokens not be deemed securities.
For instance, as part of their APE coin launch, the majority was allocated to the community and DAO governance was in place from day one. This is important because it helps them pass the Howey Test.
The Howey Test, has been the standard for determining whether or not an asset is deemed a security. It consists of 4 main parts:
An investment of money
In a common enterprise
With the expectation of profit
To be derived from the efforts of others
In the case of the APE coin launch, it’s hard to see the SEC making a case for how the coin meets all of these criteria. For starts, many holders were airdropped the coins, which means they didn’t make an up front investment of money. Secondly, one could argue that since it is structured as a DAO with some level of decentralized governance, that it isn’t a common enterprise. Lastly, since these coins can be used for voting in the DAO, one could argue that the primary utility of the tokens is for voting, and not for making more money on them.
I will caveat all of this by saying that I am in no way a lawyer. That being said, I think it’s important for us all to keep a close eye on this case, as its outcome will have a massive impact on our industry.
[Techcrunch] OpenSea launches NFT marketplace on Avalanche: OpenSea continues to expand its support of different blockchains.
[The Block] BNY Mellon launches crypto offering, backs 'innovation by collaboration’: America’s oldest bank will now custody customers’ digital assets alongside traditional investments on the same platform.
[Decrypt] Arbitrum’s Owners Acquire Key Ethereum Development Team: Offchain Labs today announced the purchase of Prysmatic Labs, consolidating two major Ethereum players.
NFT OF THE DAY
There’s been a lot of talk among NFT collections about offering IRL utility. However, few collections have actually delivered on this promise. One notable exception that continues to fly under the radar is the ‘Utopian collection’ launched by Afterparty.
Afterparty describes themselves as a “membership-based community where the most innovative artists, creators and builders meet.” They’ve done a tremendous job of attracting top creators to their community including names like David Dobrik, The Chainsmokers and more.
Most of the events go down at the Afterparty house in LA, where they showcase the NFTs on massive screens and bring in top music artists to play live shows for holders. They also recently announced a partnership with Soho House.
As if this wasn’t enough, they’ve taken things to the next level, by hosting massive IRL events for their holders. I had the opportunity to go to Afterparty Festival in Vegas back in March of this year, and the event blew me away.
At AREA15 they had performances by Kid Laroi, Swae Lee, Bob Moses and more. Not to mention an awesome indoor exhibit completely dedicated to digital art, and jaw-dropping displays of holders’ Utopians on the side of hotels on the Vegas strip.
Looking ahead, they are continuing to up their game with more festivals planned and a recent partnership with Soho house.
Suffice it to say that this is a NFT project you should definitely keep your eyes on in the coming years.