CertiK Alert
Oct 12, 2022, 8 tweets
#CertiKSkynetAlert 🚨

On October 11, 2022 at 11:19 PM UTC, Mango Markets was attacked for a total loss of roughly $116M.

The attacker manipulated the price of the MNGO token and borrowed more assets than they should have been able to.

🧵…
1/ The attacker funded Account A with 4,999,998.95 USDC. Account A then sold 488,302,109 MNGO of perpetual swaps on Mango Markets, worth $18,653,140.

Account B bought 482,745,055 of the MNGO swaps.
2/ The attacker then began manipulating the price of MNGO on the spot MNGO/USDC market.

From a stable low of ~$0.038 prior to the attack, they pushed it up to a peak of $0.91.
3/ This allowed Account A and Account B, both of which the attacker used, to compound their profits on top of what had already been gained and to borrow other tokens using this profit as collateral.
4/ Account A borrowed 0.337 BTC (worth $7.1K), 17,014,501 ($541K at time of writing), 2,650 USDC, 152,843 GMT ($97.7K), 1,809 AVAX ($28.9K), 98,295 RAY ($50.4K), 1,155 mSOL ($38.6K), 608 BNB ($164.7K), 11,774 FTT ($273.8K), and 226 ETH ($289.5K), all at time of writing.
5/ Account B borrowed 54,426,559 USDC, 768,635 mSOL (worth $25.4M), 761,716 SOL (worth $23.6M), 281 BTC (worth $5.3M), 3.3M USDT, 2,355,667 SRM (worth $1.8M), and 32,420,404 MNGO (worth $674K at the time of writing).
6/ The vulnerability here stemmed from the thin liquidity on the MNGO/USDC market, which was used as the price reference for the MNGO perpetual swap.

With only a few million USDC at their disposal, the attacker was able to pump the price of MNGO by 2,394%.
7/ The attacker manipulated the price by purchasing a huge amount of the Mango token.

@mangomarkets uses Switchboard as the price oracle for Mango and Switchboard uses FTX and Raydium as the price feed.

The liquidity on Raydium is extremely low, so the price there can easily be manipulated.
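The mechanism described in this thread, worked through as an added example (not CertiK's, Mango's or Switchboard's code): how little capital it takes to move a thin spot market, how that mark price inflates a long perp position's unrealized profit, and how a bounded reference price limits what can be borrowed against it. The constant-product pool is a simplified model; `POOL_USDC`, `RECENT_SAMPLES` and the 10% clamp in `guarded_price` are constructed assumptions, while prices and position sizes come from the thread.

```python
from statistics import median

# Figures from the thread
PRICE_BEFORE, PRICE_PEAK = 0.038, 0.91
LONG_SIZE = 482_745_055                      # MNGO perps bought by Account B
ENTRY = 18_653_140 / 488_302_109             # implied perp price of Account A's sale

# Constructed values (not from the thread)
POOL_USDC = 500_000.0                        # assumed USDC side of a thin spot pool
RECENT_SAMPLES = [0.038, 0.038, 0.039, 0.038, 0.037]   # assumed pre-attack oracle samples


def cost_to_move_price(quote_reserve, multiple):
    """USDC a buyer must add to an x*y=k pool to multiply spot price by `multiple`.

    price = quote/base with base*quote constant, so quote scales by sqrt(multiple).
    Fees are ignored.
    """
    return quote_reserve * (multiple ** 0.5 - 1)


def guarded_price(spot, history, max_step=0.10):
    """Clamp the spot price to within max_step of the median of recent samples."""
    ref = median(history)
    return min(max(spot, ref * (1 - max_step)), ref * (1 + max_step))


def unrealized_pnl(size, entry, mark):
    """Unrealized profit of a long perp position marked at `mark`."""
    return size * (mark - entry)


def report():
    """Compare collateral value under the raw spot mark and the guarded mark."""
    mark_guarded = guarded_price(PRICE_PEAK, RECENT_SAMPLES)
    return {
        "usdc_to_reach_peak": cost_to_move_price(POOL_USDC, PRICE_PEAK / PRICE_BEFORE),
        "pnl_raw_mark": unrealized_pnl(LONG_SIZE, ENTRY, PRICE_PEAK),
        "mark_guarded": mark_guarded,
        "pnl_guarded_mark": unrealized_pnl(LONG_SIZE, ENTRY, mark_guarded),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key:>20}: {value:,.4f}")
```

Under these assumptions roughly two million USDC is enough to reach the peak price, and the raw mark values the long position's profit at several hundred million dollars, while the clamped mark leaves it under two million.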

More from @CertiKAlert

Mar 22, 2023
#CertiKSkynetAlert 🚨

Today the @SECGov charged Justin Sun & 3 of his companies for the unregistered offer and sale of crypto assets.

Additionally, 8 celebrities were charged for allegedly promoting crypto without disclosing the fact that they were being paid to do so.

See 👇
@SECGov 1/ Celebrities including Lindsay Lohan, Jake Paul and a group of rappers and R&B stars such as Soulja Boy, Akon and Lil Yachty are being charged for shilling Tronix (TRX) and BitTorrent (BTT) without disclosing the fact that they were being compensated for it.
@SECGov 2/ Six of the eight celebrities facing charges agreed to pay a total of more than $400,000 to settle those charges, with the exception of Cortez Way and singer Austin Mahone.
Mar 22, 2023
#CertiKSkynetAlert 🚨

Scammers will always try to take advantage of hype.

We have seen multiple phishing attempts mimicking the Arbitrum airdrop.

Here are some of the signs to look out for so you don’t lose your assets 🧵👇
1/ Scammers will often use Twitter bots to tag users in tweets pointing them to a fake Twitter profile displaying a drainer.

Many wallet drainers have a similar layout 👇

We have recorded 6 of these drainers in March alone, although it’s likely that there are more.
2/ These drainers will trick users into approving malicious transactions.

Learn more about the dangers of approving malicious transactions below.

certik.com/resources/blog…
Feb 21, 2023
#CertiKSkynetAlert 🚨

What we know so far regarding the @fRiENDSiES_Ai exit scam:

On 20 Feb, fRiENDSiES Ai posted on their Twitter that they were pausing the project due to market volatility.

Let’s see what went down 🧵 👇
@fRiENDSiES_Ai 1/ In March 2022, the fRiENDSiES #NFT project conducted a Dutch-style auction which raised ~1,530.78 $ETH.
@fRiENDSiES_Ai 2/ According to the roadmap, which has been deleted, the team promised 1.25% of the royalties to be given back to token holders. However, investors have not received anything.
Dec 20, 2022
#CertiKSkynetAlert 🚨

1/ Ice phishing is a considerable threat to the Web3 community

Instead of gaining access to your private key, scammers trick you into signing permissions to spend your assets.

We’ll outline below what to look out for, and how to protect yourself!
2/ The scam begins when a victim is tricked into approving the ice phishing address.

The scammer's address will be presented to you when you are interacting with a malicious URL or Dapp.

Below is an example of this type of transaction 👇
3/ The next phase comes when the ice phisher initiates a TransferFrom transaction

In the example below we can see the ice phisher (0x4632) initiates the transaction, which sends USDT to a recipient that is controlled by the scammer.
Dec 19, 2022
#CertiKSkynetAlert 🚨

We are seeing multiple community reports that @BurstRoyale_NFT is a scam project that drains NFT wallets after downloading the game. Several individuals have reported that they fell victim to this phishing site over the past month.

Please stay safe!
@BurstRoyale_NFT 1/ Burst Royale appears to have a consistent modus operandi where a “team member” contacts their targets on Twitter offering them a job for the project and asking them to download their game, which is a proxy malware that drains wallets.
@BurstRoyale_NFT 2/ The malware is reportedly called RedLine Stealer which connects to a server to exfiltrate data. It can be found on underground forums for sale for ~$150.
Dec 19, 2022
#CertiKSkynetAlert 🚨

1/ We are seeing a fake @Coinbase email scam. Here’s how it works 👇👀

The scammer targets individuals who are selling items online and promises to pay a large sum of BTC through Coinbase.
@coinbase 2/ They’ll then ask for the email address associated with the victim's Coinbase account.

Coinbase allows users to send crypto to an email address.

They then pretend to send you BTC and provide a fake screenshot of the confirmation.
@coinbase 3/ The scammer will then send an email pretending to be from Coinbase that will ask you to purchase BTC and send it to your 'activation address' in the email subject line. This is in order to ‘activate the encrypted fund’.

The activation address is the scammer's BTC wallet.