“Highly Profitable Trading Strategy” or Ordinary Theft?
Hacker Avraham Eisenberg, as part of a team of other hackers, stole more than $100 million from the Solana-trading platform Mango and called it “a highly profitable trading strategy.”
What is Mango? Mango is a fruit, a decentralized autonomous organization (DAO), and a platform for cryptocurrency trading whose operation is supported by Solana and Serum. Mango is open-source and has its own MNGO token, and the company's goal is “to merge the liquidity and usability of CeFi with the permissionless innovation of DeFi.”
In early October, Mango encountered a very unusual trader named Avraham Eisenberg. He and his team found an exploit that let them manipulate the price of the MNGO token.
The attack process was described in detail by Hacken on Twitter. It all started with the hacker opening a giant futures position on the MNGO token. This position, in turn, provoked a spike in the price of MNGO.
2. The opened position size resulted in a $MNGO token price pump pic.twitter.com/MZ8EYIbBWx
— Hacken🇺🇦 (@hackenclub) October 11, 2022
The jump in price allowed the hackers to take a large debt position. 10 minutes before the attack, the hackers deposited $5 million so that they could take a futures position with leverage.
4. To take a leveraged futures position in $MNGO, the attacker used $5M USDC deposited 10 minutes before the actual attack pic.twitter.com/UO1RT9v27A
— Hacken🇺🇦 (@hackenclub) October 11, 2022
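The mechanism described above, seen from the risk-engine side, as an added example that is not Mango's code or parameters. The position size, prices, 0.8 collateral factor and the median-window rule are constructed assumptions; only the $5 million deposit comes from the article.

```python
from dataclasses import dataclass
from statistics import median

@dataclass
class Account:
    deposit_usd: float   # stable collateral deposited by the trader
    perp_size: float     # signed perp position in tokens (long > 0, short < 0)
    entry_price: float   # average entry price of that position

def unrealized_pnl(acct: Account, price: float) -> float:
    return acct.perp_size * (price - acct.entry_price)

def naive_borrow_limit(acct: Account, spot: float, factor: float = 0.8) -> float:
    """Weak rule: unrealized PnL at the instantaneous price counts as collateral."""
    equity = acct.deposit_usd + unrealized_pnl(acct, spot)
    return max(0.0, equity * factor)

def hardened_borrow_limit(acct: Account, spot: float, window: list[float],
                          factor: float = 0.8) -> float:
    """Stricter rule: value PnL at the worse of spot and the window median,
    so a short-lived spike cannot raise borrowing power but losses still count."""
    reference = median(window)
    pnl = min(unrealized_pnl(acct, spot), unrealized_pnl(acct, reference))
    return max(0.0, (acct.deposit_usd + pnl) * factor)

# Constructed scenario: only the 5,000,000 deposit figure appears in the article.
ACCOUNT = Account(deposit_usd=5_000_000, perp_size=100_000_000, entry_price=0.05)
SPIKE_WINDOW = [0.05, 0.05, 0.05, 0.05, 0.50]   # last sample is the pump
DROP_WINDOW = [0.05, 0.05, 0.05, 0.05, 0.03]    # last sample is a real decline

def compare(window: list[float]) -> tuple[float, float]:
    """Return (naive, hardened) borrow limits at the latest price in the window."""
    spot = window[-1]
    return (naive_borrow_limit(ACCOUNT, spot),
            hardened_borrow_limit(ACCOUNT, spot, window))

if __name__ == "__main__":
    for name, window in (("spike", SPIKE_WINDOW), ("drop", DROP_WINDOW)):
        naive, hardened = compare(window)
        print(f"{name}: naive={naive:,.0f} hardened={hardened:,.0f}")
```

The median only filters spikes that occupy less than half the window, so window length and position-size limits still matter.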
Of course, Mango itself reacted to the attack. In order to secure the platform, it was decided to temporarily disable “deposits on the front end.”
We will be disabling deposits on the front end as a precaution, and will keep you updated as the situation evolves.
— Mango (@mangomarkets) October 11, 2022
If you have any information, please contact blockworks@protonmail.com to discuss a bounty for the return of funds. 2/
Then Avraham Eisenberg appeared on the scene. He started a Twitter thread that began with a tweet in which he says he was “involved with a team,” and called the incident “a highly profitable trading strategy.” We have written a lot about a variety of hacks, but we have not yet encountered such impudence and distortion of reality. The hacker himself believes that all of his and his team's actions were legitimate.
I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.
— Avraham Eisenberg (@avi_eisen) October 15, 2022
Moreover, for some reason, the thief took care of the users' funds and concluded an agreement with the insurance fund so that they would restore the funds as soon as possible.
To remedy the situation, I helped negotiate a settlement agreement with the insurance fund with the goal of making all users whole as soon as possible as well as recapitalizing the exchange.
— Avraham Eisenberg (@avi_eisen) October 15, 2022
One Twitter user condemned the hackers' actions and reminded everyone that people lost their money because the hackers used this exploit. But Avraham Eisenberg said that all user funds are fine.
— Avraham Eisenberg (@avi_eisen) October 15, 2022
A few days after the attack, a post appeared on Mango's Twitter that $67 million in various assets had been returned to the DAO after all.
$67M in various crypto assets have been returned to the DAO. Let’s meet up on Monday 3 PM UTC on the Mango discord to discuss how we can sort out this mess.
— Mango (@mangomarkets) October 15, 2022
The company also said that it will work on security. As a result, there is no specific deadline for when users will get access to their funds.
We hopefully all agree that development speed should not sacrifice safety, hence there is no concrete timeline for when protocol users will regain access to their funds.
— Mango (@mangomarkets) October 15, 2022
Some users found the whole situation suspicious. But we will not slip into conspiracy theories, and we leave these suspicions for your thoughts before sleep. This situation is highly unusual, but the users were not affected, and this is the main point. Be careful with your assets and don't try to pass off theft as something legal. And we continue to observe.