1 k

Attacker Behind $100M Mango Market Hack Unveils His Identity

The attacker responsible for the Oct 11 Mango Market exploit has gone public with his identity. Although the exploit drained the DeFi platform of about $100M, the culprit claims it was a legal operation. 

Eisenberg Claims His Actions Were Above Board

A Twitter user called Avraham Eisenberg has outed himself as the Mango Market hacker. Early on Saturday, New York resident Eisenberg, who is a digital art dealer, shared a thread admitting his involvement in the massive exploit. His tweet described the hack as a “highly profitable trading strategy” and referenced other perpetrators. 

The post also clarified that Eisenberg’s actions alongside his team were covered by the law. Indeed, he claimed that during the “hack” they had only used Mango Market as designed. 

I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.” 

Hacker Proposes and Receives Almost $50M Bug Bounty

The thread went on to note that Mango Market became insolvent due to Eisenberg’s actions. Without sufficient insurance, other users of the platform were cut off from their funds.  As such Eisenberg claimed, he visited the Mango DAO governance forum to help provide a solution.

Indeed, Eisenberg proposed that the Mango Market community make a deal with him. The proposal terms called for the team behind the DeFi project to pay off some bad debt using $70M worth of treasury funds. This was reportedly debt the project had accrued from a bailout in June.

In the proposal, Eisenberg stated that if his demands were met he would return $67 million from the loot. However, the community would let the hacker keep the remaining funds as a bug bounty. This amounted to $47M.

98% of the voters agreed to the deal,  as the hacker used millions of the stolen tokens to vote in support. Notably, the proposal also saw Eisenberg request that the platform would not press charges. 

As a result of this agreement, once the Mango team finishes processing, all users will be able to access their deposits in full with no loss of funds,” said Eisenberg.

Community Reactions

The attack involved an oracle price manipulation. Eisenberg was able to drive up the value of Mango’s collateral. Following, he took out loans from the treasury and counter-traded himself with another account.

One Mango community member described the exploit as a low-tier attack. Echoing the general sentiment, they went on to say the bug bounty was unreasonable. Several users called for the bounty to be halved while others clamored for an arrest seeing that Eisenberg doxxed himself. 

Bitcoin live price
price change

Notably, before he came forward, there had been speculation of Eisenberg’s involvement in the exploit. Indeed, investigative reporter Chris Brunet presented on-chain evidence supporting his claims that Eisenberg was behind the heist. Following the post, Brunet’s allegations have been confirmed.

Stay up to date with our latest articles