Mango Markets had some problems. Full details at the link, but the short version is that someone put on large offsetting positions, jammed the price on an exchange used to mark Mango positions, and then withdrew the profits on the winning side. This depleted Mango’s insurance fund.
There was further drama after that, and on Sunday the exploiter, revealed to be self-described “digital art dealer” Avraham Eisenberg, confirmed his involvement in the attack, saying his activities were legal open market actions as he used the platform in line with its design. Eisenberg says he wants to salvage the situation by negotiating a settlement agreement to return $67 million, and he aims to recapitalize the exchange and make all users whole.
But we are going to stop with the incident itself and ask a simple question: is this sort of “attack” illegal or otherwise actionable?
Mango Market’s documentation clearly considers the possibility this sort of thing can happen.
This is 100% clear in the documentation. It’s not even a “did you read the code?” situation – this is clearly part of the design on purpose. And Mango has a real, on-chain, governance process:
This is not some sham setup where proposals are posted on forums and vaguely connected to the smart contracts through a dev team. “Proposals are executable code, not suggestions for a team or foundation to implement.” So this thing works how it works on purpose.
Mango is also entirely unregulated. This is an empirical statement and not meant to indicate any opinion on whether or not these activities should be regulated or whether they run afoul of any existing laws. This, again, is made plain in the Litepaper:
If anyone puts up their hand and says they operate Mango Markets they are likely to face tough questions. This is a pattern including here, here and elsewhere. If you run some kind of outlaw trading platform you may get in trouble for dodgy futures trading, or offering swaps, or whatever. But nobody gets in trouble for simply trading those outlaw futures or swaps.
So Mango was clearly operating in a trustless environment where users were expected to protect themselves, accepted the possibility of automatically socialized losses, and generally all interactions are at arms-length.
Is lying legal?
The case of United States v Bogucki is instructive here. (Full disclosure I’ve worked with the defendant and at the bank in question, though not at the same time. But we are mainly going to quote the judge so that does not really matter.) In that case a senior trader at a large well-known bank lied directly to large a corporate counterparty on a recorded line. The defendant did not dispute this.
As this case concerned activities within the foreign exchange markets, only the barest of regulations applied. These were not registered securities or swaps or even trades on some kind of regulated commodities exchange. They were OTC deals subject to only the most basic of rules.
And eventually the defendant was acquitted with the judge saying:
Here, the Government has pursued a criminal prosecution on the basis of conduct that violated no clear rule or regulation, was not prohibited by the agreements between the parties, and indeed was consistent with the parties’ understanding of the arms-length relationship in which they operated. The Court cannot permit this case to go to the jury on such a basis.
That reference to “agreements between the parties” is to an ISDA agreement which clearly stated that:
This agreement and each transaction have been entered into by each party in reliance only upon its judgment in order to accomplish legitimate business needs. Neither party holds itself out as advising, or any of its employees or agents as having any authority to advise, the other party as to whether or not it should enter into this agreement or any transaction.
While that language is not contained in any of Mango Market’s docs, it pretty well sums up the ethos of the project. Further, Mango is an exchange. Whatever the relationship is between a corporate and a bank, you’d expect the balance to tilt further in favor of the end-user when measured against an exchange. Put simply: if it is legal for a bank to lie to a corporate in a lightly regulated market it is surely legal for a trader to lie to an exchange in an unregulated one.
If Mango wants to pursue this as an “attack” they are going to need to accept they’ve been operating outside the law for some time and deal with the consequences of that admission. It is also not clear how much that would help.
The “attacker” did not fail to register with the CFTC (or whatever the problem might end up being). Nobody comes after platform users for the platform’s regulatory shortcomings. Nor should they! Imagine the chaos if every depositor at a bank got in trouble when the bank itself was fined for some misdeed. It would be endless.
But even if they managed to resolve the regulatory issues and get stronger terms in place it is already too late. Mango wanted to run a permissionless, decentralized system governed solely by the tokenholders. OK. There is a scene in Goodfellas where Henry Hill explains what the Mafia does:
And that’s what it’s all about. That’s what the FBI could never understand. What Paulie and the Organization does is offer protection for people who can’t go to the cops. That’s it. That’s all it is. They’re like the police department for wiseguys.BBQ scene in Goodfellas.
Of course we are not advocating for a similar sort of setup here. The point is simply that if exchanges and the like wish to operate outside existing legal frameworks they had best be prepared to defend themselves without official support. Or, in the words of someone that also had strong views on conduct in the foreign exchange markets:
Put up again thy sword into his place: for all they that take the sword shall perish with the sword.Matthew 26:52
If you want a purely mechanical system based entirely on set-in-stone rules and an ethos of “trust no one” that’s fine. But you’d best be prepared for occasional turbulence.