(Updated Oct 16) Mango Markets, a Solana-Based Decentralized Finance Platform, was Exploited for over $100 million



Oct 17, 2022

Mango Markets, a decentralized finance trading platform on the Solana blockchain, was exploited on October 12, 2022. The hack, which is under investigation, involved over $100 million in digital assets.

Updated October 16, 2022

Avraham Eisenberg, who claims to be part of a group that stole $114 million from decentralized cryptocurrency exchange Mango Markets last week, returned $67 million to the Solana-based DeFi hub on Saturday, defending his actions — which some have called an exploit — as both legal and highly profitable.

Eisenberg, who was accused of being the Mango exploiter after allegedly carrying out similar attacks in the past, made his first public admission of involvement in the exploit in today's tweets. “I believe all of our actions were legal,” he tweeted.

In a tweet, Mango Markets announced that the DAO community would vote in the upcoming days to determine how to distribute the returned funds. There was no refund schedule specified in Mango's thread, but it stated that "multiple DAO votes next week" would take place.

Mango Markets co-founder Daffy Durairaj wrote in the project's Discord that "everything has to go through DAO proposals," adding: “My personal goal is to make depositors whole and that's what I'll aim towards. But the mix of tokens and positions everyone had might be different.”

The exploit

Mango confirmed the attack in a tweet, stating it was "investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation."

The hacker withdrew a variety of digital assets, mainly stablecoins, including $53.7 million in USD Coin (USDC) and $3.2 million in Tether (USDT), but also Solana (SOL).

The price of the MNGO token was then heavily dumped, down 53% from the level before the hacker's "artificial" pump took place. Meanwhile, the total value of assets locked in Solana dropped 23% to $997 million from $1.32 billion, according to DefiLlama data. This is the first time Solana’s TVL has fallen below $1 billion since July 2021.

Hacker’s Proposal

In an unusual twist, the hacker proposed returning a portion of the stolen assets in the form of Marinade-staked Solana (MSOL), native SOL, and the platform's own MNGO governance token. The perpetrator claims the remainder as a "bounty."

The hacker published his conditions for returning the assets in a proposal submitted to the DAO.

According to the proposal, the hacker agrees to return all of the SOL, MSOL and MNGO taken, worth about 65.2 million USD, and to keep 48.8 million USD in other tokens.

The attacker then used his 32.4 million MNGO to vote in favor of the proposal, overwhelming the opposition. The proposal requires 67 million MNGO to be approved and will close in 2 days and 20 hours.

Mango Markets Response

The Mango Markets team has said that its primary goal is to prevent further losses, ensure depositors are made whole and salvage some value for the protocol. To prevent additional deposits, the platform has been frozen.

Hacker’s Identity

On the evening of October 12, the crypto community shared an investigative piece about the price manipulation attack on the Solana-based Mango Markets derivatives trading platform, which claimed to have identified the perpetrator. This individual, Avraham Eisenberg, has a shady background related to a crypto project called Fortress DAO.

Investigators point to evidence that Eisenberg recently boasted in a Discord chat group that he had discovered a technique to extract a sum of up to nine digits from a project, and that he was revealed to be the owner of the domain ponzishorter.eth. Tracing the attacker's transactions shows that the money used as collateral originated in an FTX account, and that 30 million USDC was then transferred to the address ponzishorter.eth.

The crypto community is now calling on the FTX exchange to publish the KYC information of the account that sent money to attack Mango Markets to verify whether the person is Avraham Eisenberg or not.