gm 👋
Thank you for being a part of the Cypherock family. Come rain, hail or storm, we are heads-down building the best possible product to keep your digital assets safe.
Over the next 8-10 minutes, we will be talking about hacks that caught our eye, DApps that we found interesting and our picks from Twitter and Reddit that we enjoyed.
If you loved the newsletter, message us! If you hated the newsletter, message us! We’re always looking for fresh perspectives on things to cover and feedback to make your experience better!
Have an awesome week ahead!
Team Cypherock
What we’re covering this week
- Mango Markets exploit and exploiter 🫣
- Coinbooks: Accounting software for DAOs 🧮
- Continuation of Hack weeks 🔩
- Tether goes commercial paper free 💵
- Updates from Cypherock 💥
Security Digest
Mango Markets Exploit: Attack vector and Attacker details
On Oct 11, Mango Markets was exploited and the attacker managed to drain $116mm, but things did not end there. Three days later, the attacker came forward and revealed his identity, claiming that his team operated a highly profitable strategy and that all their actions were legal open market actions.
It started at 10 PM UTC, when the attacker funded account 1 with $5mm USDC and offered 483 million units of MNGO perpetual contracts at $0.03 per unit. Five minutes later, the attacker funded another account, account 2, with an additional $5mm. Using the $5mm in account 2, the attacker bought the 483 million perps. The outsized position in MNGO-PERP led the spot price of MNGO/USD to rise 5-10x in a matter of minutes. This in turn caused a mark-to-market increase in the value of account 1, which was long MNGO-PERP, and the account used that value to borrow and withdraw $116mm worth of assets. But what are the lessons to take from this attack?
The exploit strategy was possible because of essentially three vulnerabilities in the protocol design. The market for MNGO was a low-liquidity market, there was no limit on perpetual trades, and unrealized profits counted as collateral. Combined, these allowed the attacker to use unrealized profits in a low-liquidity asset market as collateral to borrow in high-liquidity asset markets.
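To see how much those design choices matter, here is a small collateral model using the figures above. It is an example added for illustration, not Mango's code: the function names, the hardened settings and the market-depth figure are assumptions, and it simplifies borrow capacity to deposit plus credited profit.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class RiskParams:
    # Share of unrealized profit that counts as borrowable collateral (1.0 = all of it).
    profit_weight: float
    # Largest position notional allowed, as a multiple of market depth (None = no limit).
    max_notional_vs_depth: Optional[float]

@dataclass
class PerpPosition:
    units: float        # long perp units held
    entry_price: float  # USD per unit at entry

def position_allowed(pos: PerpPosition, depth_usd: float, p: RiskParams) -> bool:
    """Reject positions that are outsized relative to the market's liquidity."""
    if p.max_notional_vs_depth is None:
        return True
    return pos.units * pos.entry_price <= p.max_notional_vs_depth * depth_usd

def borrowable_usd(deposit: float, pos: PerpPosition, mark: float, p: RiskParams) -> float:
    """Collateral value of the account at the current mark price."""
    pnl = pos.units * (mark - pos.entry_price)
    # Losses always count in full; only profits are discounted.
    credited = pnl * p.profit_weight if pnl > 0 else pnl
    return max(0.0, deposit + credited)

# Settings matching the design described above vs. hypothetical hardened settings.
AS_DESCRIBED = RiskParams(profit_weight=1.0, max_notional_vs_depth=None)
HARDENED = RiskParams(profit_weight=0.0, max_notional_vs_depth=1.0)

# Figures from the write-up: $5mm deposit, 483 million MNGO perps at $0.03.
DEPOSIT = 5_000_000
POSITION = PerpPosition(units=483_000_000, entry_price=0.03)
DEPTH_USD = 1_000_000  # constructed market-depth figure, not from the write-up

if __name__ == "__main__":
    for multiple in (5, 10):  # the 5-10x price rise
        mark = POSITION.entry_price * multiple
        for name, params in (("as described", AS_DESCRIBED), ("hardened", HARDENED)):
            usd = borrowable_usd(DEPOSIT, POSITION, mark, params)
            ok = position_allowed(POSITION, DEPTH_USD, params)
            print(f"{multiple}x {name}: borrowable ${usd:,.0f}, position allowed: {ok}")
```

With every dollar of unrealized profit counted, a 10x mark price turns the $5mm deposit into roughly $135mm of borrowing power; with profits excluded it stays at $5mm, and the position cap rejects the trade before it opens.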
Wait, the drama doesn’t end there. Three days after the exploit, the attacker came forward with his identity and described all his team’s actions as legal open market actions. He further claimed to have helped negotiate a settlement agreement with the insurance fund, with the goal of making all users whole as soon as possible as well as recapitalizing the exchange. Furthermore, the Mango DAO treasury is set to welcome the deal, with 98% of votes in favour of the attacker keeping $47mm as a bug bounty and returning $67mm to the DAO, which thereby agrees not to pursue any criminal charges against the attacker.
Dapp News
Coinbooks: Accounting software for DAOs
Coinbooks is enterprise-grade accounting software for digital assets that lets you stop tracking your digital assets in Excel spreadsheets and helps you with accounting and tax calculation, thereby saving you hours. It aims to change the way decentralized autonomous organizations or “DAOs” and crypto companies currently perform accounting. It works by integrating with crypto wallets and existing accounting software so that crypto companies can manage both their crypto and non-crypto transactions in one place.
Twitter Tales
The wild west days of DeFi continue with over seven exploits in the past week. Check the list of projects
Reddit Reads
Tether has eliminated over $30 billion of commercial paper. Tether now claims to hold $68 billion with no commercial paper as collateral for USDT. Check out the discussion on what the community has to say about it.
Reddit post: “Tether says Commercial Paper is eliminated” (r/CryptoCurrency)
Updates from Cypherock
- Read how Cypherock is building the best hardware wallet experience for Near Protocol
- Catch Rohan, Co-founder at Cypherock, talk about the pain points and future of self custody on the Proof of Human Podcast
Is Your Crypto Safe? Take the Cypherock Quiz and find out!
Will your crypto get hacked? Are you going to lose your crypto? Cypherock has come up with a detailed quiz that will help you understand the pros and cons of your security model. Upon completion, you will get a detailed analysis mailed to you. Take the quiz now!
Here’s some alpha 🚀
Security is our utmost concern. We want to keep your crypto safe and give you the best possible experience interacting with the web3 ecosystem. Because we like you, we want you to make money too!
Cypherock recently launched an affiliate program. You receive a unique code by either signing up on our website, or by purchasing a Cypherock X1. Through your code, your referrals receive 10% off on their purchase and you make $25 per sale!
Sign up to become a Cypherock Affiliate!
Have questions regarding our product or the affiliate program? Our Growth Lead loves chatting with people. Hit him up here.