Mango Markets exploiter said actions were ‘legal,’ but were they?

Published at: Oct. 18, 2022

The $117 million Mango Markets exploiter has defended their actions as ‘legal,’ but a lawyer suggests that they could still face consequences.

Self-described digital art dealer Avraham Eisenberg outed himself as the exploiter in a series of tweets on Oct. 15, claiming he and a team undertook a “highly profitable trading strategy” and that it was “legal open market actions, using the protocol as designed.”

I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.

— Avraham Eisenberg (@avi_eisen) October 15, 2022

In the Oct. 11 exploit, Eisenberg and his team manipulated the value of their posted collateral — the platform’s native token, MNGO — to higher prices, then took out significant loans against the inflated collateral, which drained Mango’s treasury.

Michael Bacina, partner at Australian law firm Piper Alderman, told Cointelegraph “if this had occurred in a regulated financial market it would be likely seen as market manipulation.”

“Price manipulation is a cousin of misrepresentation, and in many jurisdictions engaging in misleading and deceptive conduct is unlawful and grounds for legal claims.”

Eisenberg has committed to “making all users whole,” and negotiations between him and the Mango Decentralized Autonomous Organization (DAO) have resulted in the DAO voting that Eisenberg be allowed to keep $47 million as a “bug bounty,” while the rest will be sent back to the treasury.

A stipulation as part of the proposal states MNGO token holders “will not pursue any criminal investigations or freezing of funds” as Eisenberg has sent back the agreed portion of the exploited cryptocurrency.

However, Bacina said it’s “unlikely” that Eisenberg would be released from all liability, even from those that voted for the proposal, given that the wording of the proposal is “weak,” commenting:

“The wording of the proposal is weak and the circumstances are such that the offer of a release are questionable.”

That being said, Bacina said there might be a “limited commercial incentive” to sue Eisenberg as any legal claims would be reduced by the amount a member received due to the proposal.

“Assuming claims survive the proposal, any claims would still need to be reduced by any amounts which had been received by a member as a result of the proposal, which may mean many members have limited commercial incentive to sue Mr Eisenberg,” he explained. 

Part of the $67 million worth of crypto returned to the platform will now be used to reimburse affected users under the reimbursement plan approved by the DAO.

Eisenberg maintains the exploited crypto he returned is similar to automatic deleveraging on cryptocurrency exchanges where a portion of profits from profitable traders is recovered to cover losses by the exchange.
