Avraham Eisenberg, the trader behind the Mango Markets exchange attack, has been arrested and could face charges of commodity fraud and manipulation. The decentralized futures exchange was hit with an oracle manipulation attack in October 2021, in which Eisenberg borrowed $110m from the lending pool and sent the funds to his wallet with no intention of paying them back. After collapsing in value, Eisenberg returned $67m to the Dow and the rest was written off. Eisenberg fled to Israel following the attack but returned to Puerto Rico after funds were returned. Prosecutors detail the specifics of the attack in charging documents.
An Overview of the Avraham Eisenberg Case and Its Potential Regulatory Implications for DeFi
Recently, the crypto industry witnessed an arrest that could have significant implications for DeFi. Avraham Eisenberg, the trader behind a strategy that attacked the Mango Markets exchange, was arrested. While the illegality of FTX’s attack is clear-cut, the legal status of Eisenberg’s attack on Mango Markets is not as straightforward. In this article, we will examine the case and its implications for DeFi.
What Happened at Mango Markets?
Mango Markets is a decentralized futures exchange built on Solana. In mid-October 2021, the exchange was hit with an oracle manipulation attack. Two accounts on Mango each funded with about $5 million in USDC were involved. One of the accounts offered to sell a large amount of perpetual contracts in Mango USDC to the other account, creating a long position of about 483 million mango tokens. Soon after, the spot price of mango tokens spiked on two centralized exchanges: FTX and Ascendex. This caused the mango markets protocol to view the account with the long position as having a lot of collateral ($190 million worth), which was then used to borrow $110 million in different tokens. The attacker withdrew the funds to their wallet and sold all the mango bought on the centralized exchanges for USDC, which led to the price of mango collapsing. In the end, the attacker drained funds from the lending pool on Mango Markets, which belonged to other users on the exchange.
Is This a Common Occurrence?
Oracle manipulation attacks are not uncommon in DeFi and have been carried out on Ethereum DeFi protocols in the past. This is one of the reasons why oracles need to have extremely robust pricing data.
Avraham Eisenberg’s Involvement
A few days after the attack, Eisenberg tweeted that he was involved in a “highly profitable trading strategy” on Mango Markets. He claimed that the actions taken were legal, and it was an open market action using the protocol as designed. However, it came to light that Eisenberg was behind the Fortress Dow exploit, which was not his first instance of shady dealings on the blockchain. After some negotiations, Eisenberg returned $67 million to the Dow, part of an agreement that would not have the Dow come after him for the funds or pursue criminal charges.
Despite returning the funds, Eisenberg was arrested by the US Department of Justice in Puerto Rico on December 27, 2021, and charged with one count of commodity fraud and one count of commodity manipulation. The charging documents show that some of the USDC used to fund the Mango Markets account was traced to a circle account in Eisenberg’s name. A larger allocation was sent to the two exchanges that manipulated the spot market, with one of the exchanges being tied to a Ukrainian lady, but the agents later discovered that the Gmail account used to register had a backup email and phone number connected to Eisenberg. The documents also detail the specifics of the attack and Eisenberg’s involvement.
While DeFi offers ample opportunities for users to make money, it also poses significant risks. Regulators are watching, and illegal activities will not go unpunished. The Eisenberg case highlights the need for DeFi participants to act within the bounds of the law and for DeFi projects to put in place adequate security measures to prevent such attacks. In summary, it is a reminder that actions taken in public have consequences, and it is not always straightforward to judge which actions are legal and which are not.