MangoFarmSOL Exit Scam

4/1/2024, 7:23:24 PM
Beginner
Blockchain
MangoFarmSOL marketed itself as a farming protocol on the Solana blockchain, promising high yields and a lucrative MANGO token airdrop. However, the MangoFarmSOL team executed an exit scam, and this highlighted the urgent need for an auditing and review process of DeFi projects.

Introduction

On 6th January 2024, the MangoFarmSOL project conducted an exit scam leading to losses estimated around ~$1.32 million which is the largest exit scam that we have investigated in 2024 so far. The stolen funds primarily consisted of SOL tokens, which were then laundered through various channels, first bridging to the Ethereum network via wormhole and allbridge and then deposited into platforms such as Railgun (mixer), eXch and FixedFloat (instant exchanges).

Event Summary

MangoFarmSOL marketed itself as a farming protocol on the Solana blockchain, promising high yields and a lucrative MANGO token airdrop. To participate, users were encouraged to deposit Solana tokens. The project gained traction through a coordinated influencer campaign and the promise of a $MANGO token airdrop scheduled on the 10th January.

However, the MangoFarmSOL team executed an exit scam, transferring 13,512 SOL tokens (~$1.26 million at the time) from users’ deposits in the project’s contract. Additionally, a malicious frontend was deployed, misleading users into an “EmergencyMigration” and tricking them into transferring their assets, leading to a further theft of ~$60k. Following these actions, MangoFarmSOL deactivated its social media accounts and website, leaving many in the community at a loss and highlighting the risks inherent in the DeFi space.

Detailed Analysis of the Exit Scam

The Build-up:

(3 Jan) Social Media Campaign: The project utilized social media influencers to boost its credibility and attract a larger audience.

(5 Jan) $MANGO Token Launch Info: The team published a piece on Medium claiming that an airdrop of $MANGO token will be scheduled on the 10th, with rewards determined by points gained from SOL deposited and users referred.

(3 Jan-7 Jan) User Deposits: Users deposited SOL into MangoFarmSOL’s contract, enticed by the promise of the MANGO token airdrop and likely due to the marketing by influencers on twitter driving traffic. This led to over ~$1.3M in TVL as shown in the screenshot below.

The Exit Scam:

  1. Withdrawal of Funds: The MangoFarmSOL team initiated the exit scam by withdrawing a total of 13514 SOL (~$1.26M) tokens deposited by users into the Mango contract to the wallet 8ggvi.


First transaction of 135 SOL transfer from Mango contract (Bfg5SM) to wallet 8ggvi


Second transaction of 13379 SOL transfer from Mango contract (Bfg5SM) to wallet 8ggvi

  1. Malicious Frontend: Subsequently, a malicious frontend was introduced under the guise of an “emergency migration,” which was also tweeted by the projects official twitter account tricking users into further transactions that led to the theft of additional assets, estimated to be a total of ~$60k.

  1. Communication Shutdown: MangoFarmSOL then deactivated its twitter account & took down the website as well, making away with the stolen funds.

Movement of Funds:

Summary

The funds bridged to the Ethereum network ended up consolidating in three main areas

  • eXch: ~292 ETH
  • Railgun: ~263 ETH
  • FixedFloat: ~26 ETH

Funds Stolen From Mango Contract

  1. Initial Theft Transaction:
  • A total of 13.5K SOL, worth approximately $1.26 million, was stolen from the Mango contract and sent to the address 8ggviFegLUzsddm9ShyMy42TiDYyH9yDDS3gSGdejND7.
  1. Obfuscation and Conversion:
  • 9,458 of the stolen SOL was sent to 4nBETJ to obfuscate the trail of funds.
  • All SOL in both 8ggvi & 4nBE were subsequently swapped for USDC.


Account 8ggviFegLUzsddm9ShyMy42TiDYyH9yDDS3gSGdejND7

  1. Bridging to Ethereum via Wormhole:
  • The acquired USDC was bridged from the Solana network to Ethereum via the wormhole bridge, targeting multiple Ethereum addresses over multiple transactions to 4 different addresses on ETH


380k bridged over 4 transactions to 0x09e3


319k to 0xc504


351k to 0x6898


217k to 0x8816

  1. Final Laundering Steps:
  • Once on the Ethereum network, the USDC was swapped for ETH. The stolen funds were then laundered through Railgun (a privacy mixer) & also exchanged via eXch (instant exchange) to further obfuscate funds.


Example of transfers to railgun


Example of transfer to eXch

Funds Stolen From Malicious Frontend Drainer

  1. Consolidation and Conversion:
  • Assets stolen through the malicious frontend exploit were consolidated into SOL, which was then swapped for approximately $58.6k in USDC.

  1. Bridging to Ethereum via Allbridge:
  • The USDC obtained from the frontend exploit was bridged to the Ethereum network over 2 transactions using Allbridge, to the address 0x7caa1815ba7562dd7e55506f08a4f5252b0d8fec.

  1. Final Exchange and Deposit:
  • The bridged USDC was swapped for 26 ETH. These funds were then deposited into FixedFloat (instant exchange) over several transactions, completing the laundering process for the assets stolen via the frontend exploit.


https://etherscan.io/address/0x7caa1815ba7562dd7e55506f08a4f5252b0d8fec

Conclusion

The MangoFarmSOL exit scam is the largest exit scam that we have investigated in 2024. The methodology of the scam shares similar characteristics with an incident in 2023 involving a fraudulent project named Harvest Keeper. Both project’s updated their frontend which drained users funds as well as removing assets that victims had invested into the project.

The MangoFarmSOL exit scam, resulting in an estimated $1.32 million in losses, underscores the critical need for rigorous project vetting in the crypto space. CertiK addresses this issue with its KYC services, offering projects the opportunity to earn a KYC badge, signaling to investors a level of due diligence and transparency. This badge represents an essential step towards building trust within the blockchain ecosystem, encouraging engagement with projects committed to security and integrity. In a landscape where scams can significantly undermine investor confidence, CertiK’s KYC process emerges as a vital tool for distinguishing legitimate projects from fraudulent ones.

Disclaimer:

  1. This article is reprinted from [certik], All copyrights belong to the original author [certik]. If there are objections to this reprint, please contact the Gate Learn team, and they will handle it promptly.
  2. Liability Disclaimer: The views and opinions expressed in this article are solely those of the author and do not constitute any investment advice.
  3. Translations of the article into other languages are done by the Gate Learn team. Unless mentioned, copying, distributing, or plagiarizing the translated articles is prohibited.

Share

Crypto Calendar

Project Updates
Etherex will launch the token REX on August 6.
REX
22.27%
2025-08-06
Rare Dev & Governance Day in Las Vegas
Cardano will host the Rare Dev & Governance Day in Las Vegas, from August 6 to 7, featuring workshops, hackathons and panel discussions focused on technical development and governance topics.
ADA
-3.44%
2025-08-06
Blockchain.Rio in Rio De Janeiro
Stellar will participate in the Blockchain.Rio conference, scheduled to be held in Rio de Janeiro, from August 5 to 7. The program will include keynotes and panel discussions featuring representatives of the Stellar ecosystem in collaboration with partners Cheesecake Labs and NearX.
XLM
-3.18%
2025-08-06
Webinar
Circle has announced a live Executive Insights webinar titled “The GENIUS Act Era Begins”, scheduled for August 7, 2025, at 14:00 UTC. The session will explore the implications of the newly passed GENIUS Act—the first federal regulatory framework for payment stablecoins in the United States. Circle’s Dante Disparte and Corey Then will lead the discussion on how the legislation impacts digital asset innovation, regulatory clarity, and the US’s leadership in global financial infrastructure.
USDC
-0.03%
2025-08-06
AMA on X
Ankr will host an AMA on X on August 7th at 16:00 UTC, focusing on DogeOS’s work in building the application layer for DOGE.
ANKR
-3.23%
2025-08-06

Related Articles

Solana Need L2s And Appchains?
Advanced

Solana Need L2s And Appchains?

Solana faces both opportunities and challenges in its development. Recently, severe network congestion has led to a high transaction failure rate and increased fees. Consequently, some have suggested using Layer 2 and appchain technologies to address this issue. This article explores the feasibility of this strategy.
6/24/2024, 1:39:17 AM
The Future of Cross-Chain Bridges: Full-Chain Interoperability Becomes Inevitable, Liquidity Bridges Will Decline
Beginner

The Future of Cross-Chain Bridges: Full-Chain Interoperability Becomes Inevitable, Liquidity Bridges Will Decline

This article explores the development trends, applications, and prospects of cross-chain bridges.
12/27/2023, 7:44:05 AM
Sui: How are users leveraging its speed, security, & scalability?
Intermediate

Sui: How are users leveraging its speed, security, & scalability?

Sui is a PoS L1 blockchain with a novel architecture whose object-centric model enables parallelization of transactions through verifier level scaling. In this research paper the unique features of the Sui blockchain will be introduced, the economic prospects of SUI tokens will be presented, and it will be explained how investors can learn about which dApps are driving the use of the chain through the Sui application campaign.
6/13/2024, 8:23:51 AM
Navigating the Zero Knowledge Landscape
Advanced

Navigating the Zero Knowledge Landscape

This article introduces the technical principles, framework, and applications of Zero-Knowledge (ZK) technology, covering aspects from privacy, identity (ID), decentralized exchanges (DEX), to oracles.
1/4/2024, 4:01:13 PM
What Is Ethereum 2.0? Understanding The Merge
Intermediate

What Is Ethereum 2.0? Understanding The Merge

A change in one of the top cryptocurrencies that might impact the whole ecosystem
1/18/2023, 2:25:24 PM
What is Tronscan and How Can You Use it in 2025?
Beginner

What is Tronscan and How Can You Use it in 2025?

Tronscan is a blockchain explorer that goes beyond the basics, offering wallet management, token tracking, smart contract insights, and governance participation. By 2025, it has evolved with enhanced security features, expanded analytics, cross-chain integration, and improved mobile experience. The platform now includes advanced biometric authentication, real-time transaction monitoring, and a comprehensive DeFi dashboard. Developers benefit from AI-powered smart contract analysis and improved testing environments, while users enjoy a unified multi-chain portfolio view and gesture-based navigation on mobile devices.
5/22/2025, 3:13:17 AM
Start Now
Sign up and get a
$100
Voucher!