Updated: 12 pm, 13/10/2022
Investigative journalist Chris Brunet has alleged that the hacker of Solana DeFi protocol Mango Markets is a person going by the name of Avraham Eisenberg.
According to Brunet, who claims to be in the same Discord channel as the alleged hacker, Eisenberg is a New York resident who also defrauded 6,000 FortressDAO (FORT) investors during the period of December 2021 to April 2022 by converting US$14 million of investor treasury funds into his solely owned and controlled USD-pegged stablecoin FUSD (Fortress USD).
On October 5, a week before the Mango Markets exploit, Eisenberg, who goes by “Vires Creditor and Honest Person” on Discord, reportedly wrote on the Discord channel that he was “investigating a platform that could maybe lead to a 9 figure payday,” while explaining how he planned to pull off the heist on the “minecraft chain” – most likely referring to Solana.
Brunet also provided a screenshot which shows US$7,500,000 going from the Mango exploiter’s address on Solana, through Circle, to Eisenberg’s ponzishorter.eth Ethereum address.
It’s still unconfirmed whether the hacker is Eisenberg alone or whether he was in cahoots with other hackers, given that only US$7.5 million out of the US$100 million can be traced back to Eisenberg at the time of writing.
The hacker(s) have since made demands to the Mango community. They announced that funds would be returned only if Mango Markets used the money that’s still in its treasury to repay its bad debt (from bailing out a large Solana whale back in June) and make its users whole.
They also demanded that they should not be criminally investigated, nor should their tokens be frozen. The hacker then used their majority share of MNGO tokens to vote “yes” on the proposal, which now has a 99.9% approval rate.
DeFi platform Mango Markets has become the latest victim in the recent slew of crypto hacks, with attackers draining US$100 million from the Solana-based protocol.
According to blockchain auditing firm OtterSec, the attackers made off with the stolen funds by exploiting Mango’s price oracle. It’s believed that they artificially inflated the value of their collateral before taking out a large loan.
The attacker withdrew US$116 million, leaving Mango’s treasury with a negative balance of -US$116.7 million, according to data from OtterSec. Assets drained include USDC, MSOL, SOL, BTC, USDT, SRM, and MNGO, effectively draining all available liquidity from Mango.
“The vulnerability seems to lie within the oracle pricing mechanism within Mango’s DeFi economics. Due to the lack of liquidity, the attacker could manipulate the price oracles with only a relatively small amount. This incident did not occur due to a smart contract flaw, but due to the lack of liquidity, which made it easy for the hackers to manipulate the price,” Jasper Lee, audit tech lead at Sooho.io, told Blockhead.
“The hacker’s demands appear to relate to a bad debt dispute involving a bailout of a Solana whale,” he added.
An eagle-eyed Twitter user also noticed that the attackers were funded with US$5.5 million from FTX, prompting CEO Sam Bankman-Fried to respond that FTX is currently investigating.
The Mango Markets team has since asked users not to deposit funds until “the situation was more clear” and has also offered a bug bounty to the attackers.