An exploiter manipulated collateral prices in October to obtain tokens from Mango Markets’ defi project. This resulted in a $110 million loss.
In exchange for a proposal to govern the project, the exploiter tried to make a governance proposal that would allow him to return some of the stolen funds.
The exploit was directed by Avraham Eisenberg, which quickly became clear. Eisenberg spoke about the exploit in screenshots leaked from a private Discord conversation shortly before the attack. “I am investigating a platform that could lead to a 9-figure payday. Should I do it? He wrote. Someone replied that it was legal unless it was extremely illegal.
Eisenberg declined to disclose the vulnerability to a protocol to someone who suggested it, stating that the bug bounty was probably very small.
Eisenberg later admitted to the attack and tweeted a thread where he said he was “involved with a team which operated a highly profitable trade strategy last week.”
All of our actions were legal open markets actions. We used the protocol as designed even though the development team didn’t fully anticipate the consequences.
Eisenberg was arrested in Puerto Rico by the feds on December 26 after disagreeing with his assessment. He was charged with commodities manipulation and commodities fraud.