Mango Markets exploiter comes clean, claims all actions were legal

Avraham Eisenberg, the man behind the $114 million exploit on Mango Markets, has confirmed that he orchestrated the attack on the DeFi platform in a statement issued today.

“I was involved with a team that operated a highly profitable trading strategy last week,” Eisenberg confirmed, adding, “I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.” Eisenberg declined to comment on the size of his team when asked by The Block.

This legal trading strategy required $10 million on Eisenberg’s part to drain $114 million from Mango Markets. The “trade” worked by manipulating the price oracle to inflate the mango token price three-fold from $0.30 to $0.91. This boosted the value of Eisenberg’s collateral, allowing him and his team to borrow more funds from the protocol.

Eisenberg’s name was linked to the attack barely a day later. Independent reporter Chris Burnet published an article providing some evidence connecting Eisenberg to the attack. The evidence included leaked screenshots of Discord chats describing the planned attack as well as suspicious on-chain activities following the incident. This is not the first time Eisenberg has been linked to a DeFi exploit. Earlier this year he was accused of defrauding FortressDAO investors to the tune of $14 million. 

With regards to FortressDAO, Eisenberg said, “In February, Fortress DAO voted for a full redemption of the Treasury and I helped implement that. By the end of March, this redemption was complete and any fort token holders were able to exit for a proportional share of the Treasury."

The attack left Mango Markets insolvent with user positions in danger of being liquidated, as the protocol could not repay the bad debt. Eisenberg noted this in his statement and said he helped negotiate a deal with the DeFi platform. The Mango community voted today to allow Eisenberg to keep $47 million while returning the remaining $67 million to the project. The returned funds will be used to recapitalize the exchange. The bad debt brought on by the exploit can then be covered.

Shortly after the vote started, Eisenberg repaid around $8 million worth of tokens, according to on-chain data. According to the details of the deal captured in the vote, this first repayment is a show of good faith on Eisenberg’s part.

The remaining funds have now also been repaid to Mango Markets, both on Solana and on Ethereum. This comprises $48 million of SOL, $10 million of USDC and $90,000 of GMT.

The $47 million to be kept by Eisenberg has been a subject of scrutiny in the crypto space. The amount is larger than the usual bounties claimed by hackers in exchange for the affected platform not pursuing any criminal charges. Other exploiters have struck deals to keep as much as 10% of the loot. In Eisenberg’s case, he and his team will keep over 40% of the funds. Accounting for the $10 million used to launch the attack, the team’s effective payout from the bounty will be about $37 million.

According to Eisenberg, the deal is not out of the ordinary. “This is similar to how auto deleveraging works on exchanges such as Binance and Bitmex, clawing back some profits from profitable traders in order to ensure all user funds are protected,” he said. Auto deleveraging is one of the ways exchanges manage risk during periods of high volatility. It is used as a last-ditch method by exchanges when their insurance funds cannot cover a bankrupt user’s position.

Today’s statement also confirms Eisenberg’s acceptance of the $47 million bounty. The bounty forms part of an agreement between the Mango community and Eisenberg that the former will not pursue any legal action. It remains to be seen whether law enforcement officials will view this arrangement as legally binding.

Earlier today, Eisenberg discussed placing a bet on Twitter that he won’t be charged with a crime by the end of 2023.

Update: This article has been updated to show that Eisenberg returned the funds specified in the governance vote and a comment from him regarding FortressDAO has been added.