• On Tuesday, the Department of Justice announced the arrest of Avraham Eisenberg, charging him with “market-manipulation offenses” related to his attack on the Mango Markets crypto exchange.
• Eisenberg has been charged with commodities fraud and commodities manipulation for his role in the $110 million Mango Markets exploit.
• According to court filings, Eisenberg engaged in a scheme involving the intentional and artificial manipulation of the price of perpetual futures contracts on Mango Markets.
• By selling MNGO perpetuals from one account to another separate account also under his control, then buying large amounts of MNGO and borrowing against these holdings, Eisenberg was able to withdraw $110 million in assorted cryptocurrencies.
• This strategy had the knock-on effect of essentially rendering the platform insolvent.
On October 14, 2022, Mango DAO offered the Mango Markets attacker a $47 million bug bounty along with the promise of not pressing charges if they sent back $67 million worth of tokens as part of an effort to “make users whole.”
On October 11, 2022, the Mango Markets crypto exchange was attacked by a hacker who stole more than $200 million worth of cryptocurrency. On Tuesday, December 27, 2022, the Department of Justice made a landmark arrest with its takedown of Avraham Eisenberg. Eisenberg was taken into custody on charges related to market manipulation; he was found guilty of illegally tampering with the Mango Markets crypto exchange, a platform designed to help financial firms raise funds in an efficient and secure manner. This case serves as an example of the Technology Crime-Fighting Center’s commitment to holding illegal attackers accountable and upholding the cyber security necessary for businesses to operate in a digital marketplace.
Details of the Attack
Avraham Eisenberg is accused of exploiting a bug in Mango’s code that allowed him to illegally transfer funds from other users’ accounts into his own. He then sold those funds on another crypto exchange before transferring them back into his account on Mango. All told, it is estimated that Eisenberg stole more than $200 million worth of cryptocurrency during his attack on the platform. Eisenberg’s strategy involved artificially inflating the price of perpetual futures contracts on Mango. This allowed him to borrow large amounts of cryptocurrency against his holdings and then withdraw it from the platform, leaving it insolvent.
The Aftermath of the Attack
In response to the attack, Mango has launched a bug bounty program that rewards users with 10% of any stolen funds they are able to recover. The company has also created a decentralized autonomous organization (DAO) called “Mango DAO” which is offering victims access to its platform where they can earn rewards for reporting bugs or vulnerabilities in its codebase. The DAO also promises to reimburse victims for losses incurred as a result of any attacks carried out against its network.
The attack on Mango Markets serves as an important reminder that security must always be top-of-mind when dealing with cryptocurrency exchanges and other digital platforms. While no system is completely bulletproof, businesses can take steps to protect their customers and mitigate damage by implementing bug bounty programs and other measures designed to detect potential weaknesses in their codebase. By taking proactive steps like these, businesses can make sure they are taking all necessary precautions to keep their customers’ data secure at all times.