Mango Markets Hacker Charged with Fraud, Market Manipulation
Man Claims the $110M Hack Was Merely a 'Highly Profitable Trading Strategy'
U.S. law enforcement arrested and charged the hacker who exploited Mango Markets with fraud and market manipulation. The man earlier claimed that the $110 million hack on the decentralized finance platform had been merely a "highly profitable trading strategy."
The FBI arrested Avraham Eisenberg in Puerto Rico on Monday for orchestrating the artificial manipulation of the price of perpetual futures on Mango Markets and for commodities fraud, according to a Friday complaint unsealed by the Southern District of New York on Tuesday. Eisenberg potentially faces imprisonment of up to 25 years for the fraud charge.
Eisenberg publicly acknowledged the incident on Oct. 15, days after the company said that his actions had "effectively resulted in a total draining of all equity available" on the platform. Eisenberg, the hackers' self-proclaimed leader, said at the time that his team's activities had been only a "highly profitable trading strategy."
He also proposed a return of funds, but only if token holders allowed him to keep $70 million without the possibility of criminal prosecution. He communicated the proposal on the Mango Markets decentralized autonomous organization platform and proceeded to use votes tied to the stolen assets to support the proposition.
The Mango DAO governs Mango Markets and gives MNGO token holders the power to make decisions about the platform's functions.
In a nutshell: A hacker who stole cryptocurrency said he should walk away with the majority of the loot and put that plan up for a vote to the people from whom he stole, using votes tied to the stolen cryptocurrency to vote "yes" (see: Everything We Know About the Mango Markets Hack).
Mango Markets was eventually set to pay a $47 million "bug bounty" to the hacker and not pursue criminal charges if he returned $67 million, and 96% of voting tokens favored the deal.
How the Attack Happened
The attacker manipulated the price oracle data of the MNGO token to take out "massive" under-collateralized crypto loans from the Mango treasury, blockchain security firm OtterSec, which identified the attack, said at the time.
An oracle is a tool that feeds relevant off-chain data to the blockchain for smart contracts to use. A price oracle shows the price information for a digital asset. "Neither oracle providers have any fault here. The oracle price reporting worked as it should have," Mango Markets said.
The vulnerability stemmed from the thin liquidity on the exchange market between MNGO and the USDC stablecoin, which was used as the price reference for a MNGO perpetual swap.
"With only a few million USDC at their disposal, the attacker was able to pump the price of MNGO by 2,394%," blockchain security firm CertiK told Information Security Media Group earlier.
The attacker used two addresses to manipulate the price of MNGO from $0.038 to a peak of $0.91, which allowed them to borrow heavily against their MNGO token collateral, CertiK said.
Mango Markets explained the technical details of the attack in a series of tweets.
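The lending-side view of the mechanism described above, as an added example that is not Mango Markets' code or part of the original reporting: it compares the borrow limit computed from the raw spot price with one computed after two common risk guards. The guard parameters, function names, position sizes and market depth are assumptions constructed for illustration; only the $0.038 and $0.91 prices come from the article.

```python
from statistics import median

# Hypothetical risk parameters for illustration; not Mango Markets' settings.
COLLATERAL_WEIGHT = 0.8   # share of collateral value that may be borrowed
MAX_UPSIDE = 0.25         # spot may exceed the trailing median by at most 25%
DEPTH_SHARE = 0.5         # collateral value capped at 50% of quote-side depth


def collateral_price(spot, history):
    """Price used to value collateral: spot, capped above the trailing median.

    Only the upside is capped, so a genuine price drop still lowers the value.
    """
    return min(spot, median(history) * (1 + MAX_UPSIDE))


def assess(tokens, spot, history, quote_depth):
    """Compare the borrow limit at raw spot with the limit after both guards."""
    capped = collateral_price(spot, history)
    value = tokens * capped
    depth_cap = quote_depth * DEPTH_SHARE
    reasons = []
    if capped < spot:
        reasons.append("spot above trailing-median band")
    # Collateral that cannot be sold into the available liquidity is not
    # worth its marked price to the lender, so bound it by market depth.
    if value > depth_cap:
        reasons.append("position exceeds liquidatable depth")
        value = depth_cap
    return {
        "naive": tokens * spot * COLLATERAL_WEIGHT,
        "guarded": value * COLLATERAL_WEIGHT,
        "reasons": reasons,
    }


# Constructed sample data: recent oracle prints near $0.038 and a thin
# MNGO/USDC market with 3,000,000 USDC of depth (assumed figure).
HISTORY = [0.037, 0.038, 0.038, 0.039, 0.038]
DEPTH_USDC = 3_000_000

if __name__ == "__main__":
    for tokens, spot in [(10_000_000, 0.038), (10_000_000, 0.91), (100_000_000, 0.91)]:
        print(tokens, spot, assess(tokens, spot, HISTORY, DEPTH_USDC))
```

With these constructed inputs, the unguarded limit on a 10,000,000-token position rises from $304,000 to $7,280,000 when the spot price moves from $0.038 to $0.91, while the guarded limit stays at $380,000.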
Most of the stolen funds were deposits of Mango Markets investors. "Due to [Eisenberg's] withdrawals, other investors with deposits on Mango Markets lost much, or all, of those deposits," said FBI special agent Brandon Racz in the SDNY complaint.
Eisenberg likely knew the consequences of his actions, prosecutors said. He boarded a flight from the U.S. to Israel, and the timing of the flight implies that the travel may have "been an effort to avoid apprehension by law enforcement in the immediate aftermath of the market manipulation scheme," Racz said.