3. TLDR;
Attacker pumped the price of the illiquid $MNGO token from 3c to 91c. The unrealised PnL (marked at >$400M) of positions were in turn able to be used as collateral on @mangomarkets to borrow all assets on the platform and leave it in deficit.
4. Tracing the flow of funds 🔁
On October 11, 2022 19:43 the exploiter `yUJw` funded their account with a total $5.5M USDC from @FTX_Official
5. After executing the aforementioned attack, they were able to withdraw roughly $116M of assets.
The $USDC was withdrawn to `41zC`, $USDT to `5C1k`, $MNGO mostly used to launch a sham DAO governance vote and the remaining assets left untouched in the wallet.
6. Following the trail of USDC, we see that 57M lands in a @circlepay wallet `41zC` (confirmed by multiple sources + users of circle).
7. Of the cumulative ~57M going into `41zC` we can hazard a guess that ~27M of those are moved to Circle's main wallet `7VHU` (containing over 3B USDC).
We're still unsure as to whether this is an attempted redemption for fiat, only @circlepay can really shed light here.
8. So what happened to the other ~30M?
This seems to still reside in the `41zC` wallet. Our guess is this is wallet is used to custody funds for bridging on Circle's newly launched Cross-Chain Transfer Protocol.
Well as it happens, 30M USDC was redeemed on Ethereum starting at 23:16:35, whilst Solana USDC deposits we saw above to their Circle deposit wallet `2NTz` began at 23:14:54. It was then swapped to DAI via 1inch.
2mins apart, quite the coincidence no?
10. To make this case even more concrete, the Ethereum address to which it's withdrawn to are under "ponzishorter.eth" ENS domain.
A few days prior to this exploit, a certain discord user was discussing details of a potential oracle manipulation exploit proof of concept on the order of 9 figures. Eerily similar.
12. Thanks to inside sources it turns out his real identity is Avraham Eisenberg and he's got quite a coloured history with respect to hacks and crypto exploits.
13. Most recently he rugged to the tune of 10M on his OHM fork project Fortress DAO.
14. Now it's down to @FTX_Official and @circlepay who have the KYC information to show undeniable evidence (unless the accounts are stolen or KYC docs faked).
The recent episode of @Lightspeedpodhq with @aeyakovenko was a certified banger. Toly outlines a the latest and greatest coming out on the @solana roadmap and there's plenty to be excited about.
I listened to it on the plane and took some intern notes for y'all 🧵
1/ One of Solana's key design choices is allowing direct access to the leader and processing transactions as a stream, leading to the fast block times we see.
Ethereum as we know uses the mempool design which is highly censorship resistant but slow due to gas auctions.
2/ There's no silver bullet though. For this speed boost, Solana lends itself to mass transaction spam (effectively DDoS of the network).
The solution? QoS and better priority fee markets to penalise write locked accounts solana.com/news/solana-ne…
Looks like the Mango hacker had ~$57M USDC withdrawn to 41zCUJsKk6cMB94DDtm99qWmyMZfp4GkAhhuz4xTwePu
This address has been around for a long time (1.5yrs+) and regularly sees 100s of millions in USDC go through it & #3 holder of USDC on Solana. Possibly @circlepay controlled?
Most of the USDC coming in seems to flow out of the wallet in due time as well, although the net balance does grow slowly over time.
You can see the recent hack withdrawal sharply took the balance from 42M to 100M USDC.
Tough day for everyone on Solana today, but here's a breakdown of what we know:
1/ At approximately 22:37 UTC yesterday a hacker began a widespread exploit, the extent of which has so far affected $4M+ of assets from 9.2k+ unique wallets.
2/ During the initial phase, funds were extracted at an aggressive pace with hundreds of thousands of dollars being lost minute to minute (all sizes here are converted to USD).
At 23:19 as we thought things were subsiding, another enormous outflow occurs in the order of $1-2M.
3/ I can't be certain if something changed in their strategy or whether they just happened to stumble across a number of large wallets (requires more digging).
As you can see at both peaks the average size of transactions is orders of magnitude higher, and predominantly in USDC.
I earned $1.4M in arbitrage profits on Solana in a single transaction. Here is how I did it.
A lot of people are messaging me about how to get started so I thought I would make a basic outline.
More detailed article to come so make sure to follow.
A thread 🧵
1. Programming fundamentals
It goes without saying that you need to have adept programming skills to make money doing MEV. I recommend starting with Scratch because of its extremely powerful visual programming model. Don't bother with outdated languages like Rust and C++ 👎
2. Learn arbitrage basics
Arbitrage is when the price differs between two different exchanges. The hidden secret of MEV is to buy low and sell high 🤯
On fast blockchains like Solana, the block times are faster which means more MEV 💰💰💰