Mango Markets gets hacked for $100 million, but the culprit may already have been identified
Editor's Note: With so much market volatility, stay on top of daily news! Get caught up in minutes with our speedy summary of today's must-read news and expert opinions. Sign up here!
(Kitco News) - Hacks in the crypto ecosystem are nothing new, but the latest incident has taken an interesting turn, even by crypto standards.
It all started with an exploit of the Solana-based decentralized finance protocol Mango Markets (MNGO), which saw a hacker manipulate the price data of its native MNGO token that allowed them to take out under-collateralized cryptocurrency loans.
In total, the attacker was able to drain $100 million from the DeFi platform's coffers. At this point, it's unclear how the perpetrator was able to alter the price of MNGO from the perspective of the Mango protocol.
But the story doesn’t end there.
In the hours following the hack, the attacker engaged with the Mango community and sought to create and help pass a proposal that would see the stolen funds returned.
So just to recap the @mangomarkets situation:— Alex Valaitis (@alex_valaitis) October 12, 2022
-Hacker exploits Mango for $100M+
-Hacker turns around & offers to return most funds, if DAO promises not to pursue criminal investigations
-Hackers uses 32M votes from the exploit to vote 'Yes'
LMFAO you cannot make this shit up! pic.twitter.com/LsdafMS7vQ
They subsequently used the stolen MNGO tokens to vote on and pass the proposal, leaving little recourse for the Mango Markets community.
Mango confirmed the exploit via a tweet on Tuesday, stating that it was investigating the incident and that it was "taking steps to have third parties freeze funds in flight" and "disabling deposits on the front end as a precaution."
The project later confirmed that it was a manipulation of the price oracle for its MNGO token that enabled the exploit and indicated that deposits would continue to be disabled amid the ongoing investigation.
Crypto sleuths were quick to jump on the case, and it looks as though the culprit may have been identified.
According to former economist Chris Brunet, who runs the Karlstack Crypto substack, the attacker has been identified as Avraham Eisenberg. Brunet claims to be on a private Discord server with Eisenberg, who goes by the username “Vires Creditor and Honest Person.”
Brunet provided a screenshot that shows Eisenberg bragging about “investigating a platform that could maybe lead to a 9 figure payday” and then explaining the logistics of how he planned to pull this off on the “minecraft chain.”
An additional screenshot provided shows $7,500,000 in funds going from the Mango exploiter’s address on Solana, routed through Circle, and deposited on Eisenberg’s ponzishorter.eth ethereum address.
Brunet reached out to Eisenberg in order to give him a chance to respond to or refute the allegations and provided him with a copy of the article for review prior to posting. The official response received did not address the Mango situation and instead discussed Eisenberg’s observations about being able to do a similar exploit on AAVE and Justlend.
“I will leave it up to the reader to decide how credible that is,” Brunet said, adding “To me, this essentially reads as: IF I DID IT…”
|Microsoft joins forces with Meta to bring its suite of products to the Metaverse|
At the time of writing, there had been no official response from Mango in regard to these allegations. The price of MNGO has fallen 30% from its pre-hack value and currently trades at $0.0275.
Tuesday's exploit of Mango Markets is the second major decentralized finance attack in less than a week following the Oct. 7 hack of Binance’s BNB blockchain, which saw thieves make off with $80 million in funds.