Why Do Solana DeFi Protocols Keep Getting Exploited?
- Solend, another Solana DeFi protocol, has been exploited through a price oracle attack for $1.26 million.
- The attack follows last month’s Mango Markets exploit that saw $100 million stolen.
- Protocols letting users deposit illiquid tokens as collateral and low liquidity on Solana have made the attacks possible.
Share this article
Solana’s Mango Markets and Solend have both come under attack in recent weeks.
Solana DeFi Attacked Again
Another Solana DeFi protocol has been exploited.
Solend, a lending and borrowing protocol built on Solana, reported that an attacker drained $1.26 million of users’ funds Wednesday. The exploit was due to an oracle attack, meaning that an attacker manipulated the oracle prices of certain volatile assets to borrow protocol funds against them with a higher actual value.
Solend acknowledged the exploit on Twitter, revealing that three lending pools had been affected. “An oracle attack on USDH affecting the Stable, Coin98, and Kamino isolated pools was detected, resulting in $1.26M in bad debt,” the protocol tweeted.
The “bad debt” occurs when an attacker tricks a protocol’s price oracles into valuing collateral assets higher than they should be. This gives them “credit” to borrow funds from a protocol with a higher actual value than their inflated collateral. In this instance, the attacker borrowed USDH stablecoin funds with no intention of paying them back, resulting in a net $1.26 million loss for the protocol.
Shortly after the attack, fellow Solana DeFi protocol SolBlaze announced it had discovered one of the attacker’s pseudonymous identities. “We discovered a known contact for the hacker… and have been working closely with the Solend team over the past half hour to get them in touch with the hacker to reach a resolution,” it stated. It’s not yet clear if Solend will be able to reach a resolution with the attacker to protect users’ funds.
Today’s Solend exploit is not the first time oracle price manipulation has been used to attack DeFi protocols on Solana. Last month, the decentralized trading platform Mango Markets was exploited for over $100 million when an attacker pumped up the price of the protocol’s native MNGO token. Doing so allowed the attacker to take out a series of large loans from several token pools, effectively draining the protocol of its liquidity.
Avraham Eisenberg, a self-described “applied game theorist” based out of New York, later revealed that he had executed the attack alongside a team. Mango Markets reached an agreement with Eisenberg, assuring him the protocol wouldn’t pursue a legal case against him in return for $53 million of the stolen assets. Although Eisenberg maintains his actions didn’t constitute an exploit, but rather, in his words, a “highly profitable trading strategy,” most onlookers weren’t convinced.
Low Liquidity, High Cost
The reason attackers have successfully manipulate price oracles on Solana comes down to the low levels of liquidity on the blockchain.
During the 2021 bull run, the total value locked in Solana DeFi protocols soared, reaching a peak of $10.17 billion in November, per data from DefiLlama. However, almost a year into the current crypto winter, liquidity on Solana is drying up. The network currently hosts only $940 million worth of assets, representing a 90% decline. Additionally, Solana’s on-chain activity, which acts as a rough heuristic for the amount of trading on the network, has also tailed off in recent months.
Back when Solana had ample liquidity, many DeFi protocols started letting users deposit lesser-known tokens as collateral to take out loans or trade against. Although tokens like MNGO weren’t traded as much as ecosystem staples such as SOL, USDC, and ETH, liquidity was high enough for positions to be liquidated if a user defaulted.
However, it turns out that being able to liquidate these collateral funds wasn’t the biggest issue for protocols. With liquidity and trading activity on Solana dropping daily, it’s become much easier to manipulate the price of illiquid collateral tokens. Attempting an oracle attack during the height of the bull market would have been futile and almost certainly lost the attacker money. But under the current conditions, such exploits have become increasingly lucrative, as long as the attacker has enough cash to move prices in the first place.
Those with money deposited into Solana DeFi protocols should be wary of the current situation’s risks. While not all protocols will be vulnerable, those that offer more exotic tokens as collateral could be at risk. Eisenberg has highlighted potential exploits using similar price manipulation methods to his attack on Mango Markets, showing that he’s actively looking for vulnerable protocols. If liquidity on Layer 1 chains like Solana continues to decline, we’ll likely see more price oracle attacks similar to the Solend and Mango Markets exploits in the future.
Disclosure: At the time of writing this piece, the author owned SOL and several other digital assets.