Why Do Solana DeFi Protocols Keep Getting Exploited?

Low liquidity throughout the Solana DeFi ecosystem has made it easy for attackers to manipulate prices.

Key Takeaways

  • Solend, another Solana DeFi protocol, has lost $1.26 million to a price oracle attack.
  • The attack comes after the $100 million Mango Markets hack from last month.
  • The attacks have been made possible by protocols that allow users to deposit illiquid tokens as collateral and by Solana’s low liquidity.

Solend and Solana’s Mango Markets have both been attacked recently.

Solana DeFi Attacked Again

Another Solana DeFi protocol has been exploited.

Solend, a lending and borrowing protocol built on Solana, reported that an attacker drained $1.26 million of users’ funds Wednesday. The exploit resulted from an oracle attack, in which the attacker manipulated the oracle prices of a few volatile assets in order to borrow funds from the protocol that were worth more than the collateral posted against them.

On Twitter, Solend acknowledged the vulnerability and disclosed that three lending pools had been impacted. “An oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools was detected, resulting in $1.26M in bad debt,” the protocol tweeted.

The “bad debt” occurs when an attacker tricks a protocol’s price oracles into valuing collateral assets higher than they should be. This gives them “credit” to borrow funds from a protocol with a higher actual value than their inflated collateral. In this case, the attacker borrowed USDH stablecoin funds with no intention of repaying them, causing a net $1.26 million loss for the protocol.

Soon after the attack, another Solana DeFi protocol, SolBlaze, declared it had identified one of the attacker’s fictitious identities. “We discovered a known contact for the hacker… and have been working closely with the Solend team over the past half hour to get them in touch with the hacker to reach a resolution,” it stated. It’s still unclear whether Solend will be able to come to a compromise with the attacker to safeguard users’ money.

Today’s Solend exploit is not the first time oracle price manipulation has been used to attack DeFi protocols on Solana. Last month, an attacker stole over $100 million from the decentralized trading platform Mango Markets by inflating the value of the protocol’s native MNGO token. Doing so let the attacker take out several large loans from various token pools, effectively depleting the protocol’s liquidity.

Avraham Eisenberg, a self-described “applied game theorist” based out of New York, later admitted he had carried out the attack alongside a group. Eisenberg and Mango Markets came to an agreement in which Eisenberg received $53 million of the stolen assets in exchange for a promise from the protocol that it wouldn’t file a lawsuit against him. Eisenberg maintains that his actions constituted not an exploit but rather, in his words, a “highly profitable trading strategy”; most onlookers weren’t convinced.

Low Liquidity, High Cost

The reason attackers have successfully manipulated price oracles on Solana comes down to the low levels of liquidity on the blockchain.

According to data from DefiLlama, the total value locked in Solana DeFi protocols peaked at $10.17 billion in November, during the 2021 bull run. Almost a year into the current crypto winter, though, liquidity on Solana is dwindling. The network currently hosts only $940 million worth of assets, representing a 90% decline. In addition, Solana’s on-chain activity, which serves as a rough indicator of the volume of trading on the network, has decreased recently.

Back when Solana had ample liquidity, many DeFi protocols started letting users deposit lesser-known tokens as collateral to take out loans or trade against. The liquidity was high enough for positions to be liquidated if a user defaulted, despite the fact that tokens like MNGO weren’t traded as frequently as ecosystem mainstays like SOL, USDC, and ETH.

It turns out, though, that the protocols weren’t particularly concerned about the possibility of being unable to liquidate this collateral. Because Solana’s liquidity and trading activity are declining daily, it is now much simpler to manipulate the price of illiquid collateral tokens. At the height of the bull market, attempting an oracle attack would have been pointless and would almost certainly have resulted in a financial loss for the attacker. Under the current circumstances, however, such exploits have grown more profitable, as long as the attacker has the funds to move prices in the first place.
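The bad-debt mechanism and the liquidity argument described above can be worked through with a small risk model; this is an added example, not code from Solend, Mango Markets or the original article. It assumes the oracle reads the spot price of a single fee-less constant-product pool; the pool depths, token amounts, 75% loan-to-value ratio and price window are constructed, and valuing collateral at the lower of spot and a time-weighted average is one common mitigation, not something the article describes.

```python
from math import sqrt

def capital_to_move_price(usd_reserve, k):
    """USD that must be swapped into a fee-less constant-product pool
    (x * y = const, spot = y / x) to multiply its spot price by k."""
    return usd_reserve * (sqrt(k) - 1.0)

def twap(samples):
    """Time-weighted average price over equally spaced samples."""
    return sum(samples) / len(samples)

def conservative_price(spot, samples):
    """Value collateral at the lower of spot and TWAP, so a short-lived
    spike cannot raise borrowing power by the full spike."""
    return min(spot, twap(samples))

def borrow_limit(tokens, price, ltv):
    """Maximum loan against `tokens` of collateral at the given price."""
    return tokens * price * ltv

def bad_debt(borrowed, tokens, fair_price):
    """Shortfall left with the protocol if the loan is never repaid and
    the collateral can only be sold at its fair price."""
    return max(0.0, borrowed - tokens * fair_price)

# Constructed inputs (not data from the incidents described above).
FAIR_PRICE = 1.00
WINDOW = [1.00, 1.01, 0.99, 1.00, 1.00, 1.00, 1.00, 1.00, 1.00, 4.00]
TOKENS, LTV = 1_000_000, 0.75
DEEP_POOL_USD = 10_000_000            # hypothetical bull-market depth
THIN_POOL_USD = DEEP_POOL_USD // 10   # same pool after a 90% decline

def run_scenario():
    spot = WINDOW[-1]  # the last sample is the manipulated spot price
    naive = borrow_limit(TOKENS, spot, LTV)
    guarded = borrow_limit(TOKENS, conservative_price(spot, WINDOW), LTV)
    return {
        "capital_deep": capital_to_move_price(DEEP_POOL_USD, 4.0),
        "capital_thin": capital_to_move_price(THIN_POOL_USD, 4.0),
        "naive_bad_debt": bad_debt(naive, TOKENS, FAIR_PRICE),
        "guarded_bad_debt": bad_debt(guarded, TOKENS, FAIR_PRICE),
    }

if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value:,.0f}")
```

A spike sustained across the whole window would still pull the average up, so a guard like this slows the attack rather than replacing deposit caps on thinly traded collateral.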

Those who have funds deposited into Solana DeFi protocols should consider the risks associated with the current situation. Not all protocols will be at risk, but those that accept more unusual tokens as collateral might. Eisenberg has outlined potential exploits that use techniques for price manipulation similar to those he used in his attack on Mango Markets, demonstrating that he is actively searching for weak protocols. Future price oracle attacks that resemble the Solend and Mango Markets exploits are likely to occur if liquidity on Layer 1 chains like Solana continues to deteriorate.
