Decrypt’s Art, Fashion, and Entertainment Hub.
Mango DAO has offered a deal to the thief who made off with $100 million in crypto from an exploit in the Mango Markets platform earlier this week—a way to avoid a criminal investigation and pay off bad debt.
The Mango DAO, a decentralized autonomous organization that manages Mango Markets, has offered the hacker a bug bounty of $47 million, meaning that the thief would be required to send back $67 million worth of tokens under the terms of the deal.
"We are seeking to make users whole to the extent possible," the Mango DAO proposal says, addressing the thief.
On Tuesday, a hacker was able to steal over $100 million through an exploit in the Mango Markets Solana DeFi exchange. The attacker temporarily drove up the value of their collateral and then took out loans from the Mango treasury.
Since then, Mango DAO has debated on the DAO's forum on how to proceed. In a twist, the thief then apparently proposed their own solution for returning the stolen funds through the DAO’s governance forum, using the same tokens they stole to vote in the proposal’s favor.
A decentralized autonomous organization, or DAO, is a group structure where control is spread out amongst its members who hold the DAO’s token. Members use these governance tokens to vote on proposals that are executed using smart contracts.
The thief’s demands cite “bad debt” that resulted from a bailout executed by Mango Markets and fellow Solana platform Solend in June. In the demand, the thief asks Mango to use the 70 millionin its treasury to pay off this bad debt.
The counter proposal from the DAO lists the assets and the amounts stolen, asking the thief to return them based on an agreement with the DAO, including 799,155 mSOL, 761,577 SOL, 281.498 BTC, 2,354,260 SRM, 226 ETH, 11,774 FTT, 608 BNB, 152,843 GMT, 98,295 RAY, 1809 AVAX, 32,409,565 MNGO, and 10,000,000 USDC.
The proposal demands the thief send most of the funds to a wallet owned by the Mango Upgrade Council.
"Within 12 hours of the proposal opening, you shall send back the assets other than USDC, MSOL, MNGO, and SOL as a show of good faith," the proposal reads. "The remaining assets shall be sent within 12 hours once the vote is complete and passes."
The DAO’s proposal says it will not pursue criminal investigations or freeze funds once the tokens are returned as agreed. With 11 hours to go, the proposal has 119,821,720 (96.3%) yes votes and 4,601,240 (3.7%) no votes.
Mango DAO further stated that funds sent by the thief and funds in the DAO's treasury will be used to cover any remaining bad debt in the protocol to make "mango depositors whole."
-We computed every account’s equity in USDC and plan to reimburse as much as we can using the DAO treasury (subject to vote) and whatever tokens we're able to recover.
— Mango (@mangomarkets) October 13, 2022
"We computed every account's equity in USDC and plan to reimburse as much as we can using the DAO treasury (subject to vote) and whatever tokens we're able to recover," Mango Markets tweeted on Thursday.