Key points to remember
- Solend, another Solana DeFi protocol, was exploited via a price oracle attack for $1.26 million.
- The attack follows last month’s Mango Markets exploit which saw $100 million stolen.
- Protocols allowing users to deposit illiquid tokens as collateral and low liquidity on Solana made attacks possible.
Solana's Mango Markets and Solend have both come under attack in recent weeks.
Solana DeFi attacked again
Another Solana DeFi protocol has been exploited.
Solend, a Solana-based lending and borrowing protocol, reported that an attacker drained $1.26 million of user funds on Wednesday. The exploit was due to an oracle attack, meaning an attacker manipulated the oracle prices of certain volatile assets to borrow protocol funds against them with a higher real value.
Solend acknowledged the exploit on Twitter, revealing that three loan pools had been affected. “An oracle attack against USDH affecting isolated pools Stable, Coin98 and Kamino has been detected, resulting in a bad debt of $1.26 million,” the protocol tweeted.
“Bad debt” occurs when an attacker tricks a protocol’s pricing oracles into pricing collateral assets higher than they should be. This gives the attacker “credit” to borrow funds from the protocol with a real value greater than that of the inflated collateral. In this case, the attacker borrowed USDH stablecoins with no intention of repaying them, resulting in a net loss of $1.26 million for the protocol.
Shortly after the attack, fellow Solana DeFi protocol SolBlaze announced it had discovered one of the attacker’s pseudonymous identities. “We have discovered a known contact for the hacker…and have been working closely with Solend’s team over the last half hour to put them in touch with the hacker to reach a resolution,” it said. It is not yet clear whether Solend will be able to reach a resolution with the attacker to protect user funds.
Today’s Solend exploit is not the first time oracle price manipulation has been used to attack DeFi protocols on Solana. Last month, the decentralized trading platform Mango Markets was exploited for over $100 million when an attacker jacked up the price of the protocol’s native MNGO token. This allowed the attacker to take out a series of large loans from multiple token pools, draining the protocol of liquidity.
Avraham Eisenberg, a self-proclaimed “applied game theorist” based in New York, later revealed that he had executed the attack alongside a team. Mango Markets reached an agreement with Eisenberg, assuring him that the protocol would not pursue legal action against him in exchange for $53 million in stolen assets. Although Eisenberg maintains that his actions were not an exploit, but rather, in his words, a “highly profitable business strategy”, most onlookers were unconvinced.
Low liquidity, high cost
The reason the attackers managed to manipulate the price oracles on Solana comes down to low levels of liquidity on the blockchain.
During the 2021 bull run, the total value locked in Solana DeFi protocols soared, peaking at $10.17 billion in November, per data from DefiLlama. However, nearly a year into the current crypto winter, liquidity on Solana is drying up. The network currently only hosts $940 million in assets, which is a 90% drop. Additionally, Solana’s on-chain activity, which acts as an approximate heuristic for the amount of transactions on the network, has also fallen off in recent months.
Back when Solana had ample liquidity, many DeFi protocols began allowing users to deposit lesser-known tokens as collateral to take out loans or trade against. Although tokens like MNGO did not trade as much as ecosystem commodities like SOL, USDC, and ETH, liquidity was high enough that positions would be liquidated if a user defaulted.
However, it turns out that the ability to liquidate this collateral was not the biggest problem for the protocols. With liquidity and trading activity on Solana declining daily, it has become much easier to manipulate the price of illiquid collateral tokens. Attempting an oracle attack at the peak of the bull market would have been futile and almost certainly cost the attacker money. But under current conditions, such exploits have become increasingly lucrative, as long as the attacker has enough money to move prices in the first place.
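An added illustration, not part of the original article and not Solend's or Mango Markets' code: a toy Python model of how an inflated oracle price turns into bad debt, why a shallow market is easier to move than a deep one, and how capping the collateral price against a median of recent samples limits the loss. The constant-product pool, the 75% loan-to-value ratio, the 10% cap and every number are assumptions constructed for the example.

```python
from math import sqrt
from statistics import median


def capital_to_move_price(quote_reserve, multiple):
    """Quote-side capital needed to push a constant-product pool's spot price
    up by `multiple` (x*y=k, fees ignored). Grows linearly with pool depth."""
    return quote_reserve * (sqrt(multiple) - 1)


def bad_debt(units, fair_price, oracle_price, ltv):
    """Shortfall left with the protocol when the maximum loan is drawn against
    collateral valued at oracle_price and never repaid."""
    borrowed = units * oracle_price * ltv
    recoverable = units * fair_price  # what liquidation can actually realise
    return max(0.0, borrowed - recoverable)


def guarded_price(spot, recent, max_dev=0.10):
    """Value collateral at spot, capped at (1 + max_dev) x the median of
    recent samples, so a sudden spike cannot inflate borrowing power."""
    return min(spot, median(recent) * (1 + max_dev))


def scenario():
    units, fair, ltv = 1_000_000, 1.00, 0.75   # constructed position
    samples = [1.00, 1.01, 0.99, 1.00, 3.00]   # constructed feed, last value is the spike
    spot = samples[-1]
    return {
        "unguarded": bad_debt(units, fair, spot, ltv),
        "guarded": bad_debt(units, fair, guarded_price(spot, samples), ltv),
        "thin_pool": capital_to_move_price(50_000, 3),      # shallow market
        "deep_pool": capital_to_move_price(5_000_000, 3),   # 100x deeper market
    }


if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name:>10}: ${value:,.0f}")
```

In this model the same threefold price move needs 100 times more capital in the deeper pool, and the cap keeps the loan below what liquidation of the collateral can recover.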
Those with money deposited in Solana DeFi protocols should beware of the risks of the current situation. While not all protocols are vulnerable, those offering more exotic tokens as collateral could be at risk. Eisenberg has highlighted potential exploits using price manipulation methods similar to his attack on Mango Markets, showing that he is actively searching for vulnerable protocols. If liquidity on layer 1 chains like Solana continues to decline, we are likely to see more price oracle attacks similar to the Solend and Mango Markets exploits in the future.
Disclosure: At the time of writing, the author owned SOL and several other digital assets.