Mango Markets posted on Twitter to urge users not to deposit into the project, and asked the hacker to contact them "to discuss a bug bounty". The hacker had their own plans, instead submitting a governance proposal in which they would return $46 million of the stolen funds (keeping $70 million) in exchange for a promise that the protocol would not try to freeze the assets or pursue criminal charges. The hacker then used their 32 million governance tokens to vote in support, but ultimately were not able to get the proposal to pass. A different proposal with largely the same terms, but which left the attacker with only $47 million of the stolen funds, passed shortly after.
Mango Markets, a Solana-based defi project offering borrowing, lending, and leverage trading, was exploited for $116 million. An attacker manipulated the supposed value of their collateral on the platform, allowing them to take out massive loans from the project treasury that they never repaid. In total, they stole around $116 million worth of Solana tokens. However, only a few exchanges have sufficient liquidity to support exchanging or withdrawing that quantity of tokens, and those exchanges (Coinbase, Binance, and Kraken) froze the attacker's wallets.