EXCLUSIVE: The Man Who May Have Milked $100+ Million from Mango Markets
His name is Avraham Eisenberg
6 months ago, Karlstack leaked a document written by a group of anonymous whistleblowers summarizing the facts of a scam in which someone exploited $14 million USD.
That was a small-scale enough heist, apparently, to fly under law enforcement’s radar, because Avraham Eisenberg was seemingly never investigated at all, let alone punished. That lack of punishment seems to have emboldened him.
This latest scheme happened just last night — this is breaking news! — when it emerged that someone took roughly $114 million USD from “Mango Markets,” whose website describes themselves as “Decentralised, cross-margin trading up to 20x leverage with lightning speed and near-zero fees.”
CoinDesk and BlockWorks are probably the most reputable 2 outlets in this space. Rather than walk through the extremely convoluted/sophisticated/complex facts of this case, I will refer you to their reporting from last night which gives an authoritative summary.
This was an extremely sophisticated/complex attack, and I am not going to get lost in the weeds explaining the technical details to my readers.
TLDR: Mango markets were exploited via manipulation of the spot price of Mango token. The hacker took a large, long position using mango markets, allowing him access to a high amount of leverage. Then he proceeded to prop up the spot market increasing the theoretical value of his long position. With a newfound account value of over 400 million he was able to borrow solid assets from the protocol and exit. This made him a net profit of 100 million dollars.
I know something CoinDesk and BlockWorks don’t know, however, because, well, I am in a private Discord server with the alleged hacker, where nerds of all stripes meet to discuss crypto/stocks/prediction market trading strategy.
In fact, I have screenshots showing him plotting and bragging about his latest coup.
This is Eisenberg’s discord account. He goes by the username “Vires Creditor and Honest Person”:
Here he is on October 5th, 2022 bragging about “I’m investigating a platform that could maybe lead to a 9 figure payday” and then explaining the logistics of how he planned to pull this off on the “minecraft chain”.
Here is musing on how he will spend the money. He is planning to “leave it to my kids… when I die.”
This screenshot shows $7,500,000 going from the Mango exploiter’s address on Solana, through Circle, to Eisenberg’s ponzishorter.eth ethereum address
This one shows him covering the capital used in the market back to his address.
https://etherscan.io/tx/0xdd9cc9178e326c3678c49fac4aeab9deb4ed058dec0f907d5b8562f24c0f5c04
So… that’s pretty much that.
I reached out to Eisenberg for comment, asking him to explain these screenshots. This was his official, on the record response:
I've been exploring a number of lending platforms with exposure to low-cap coins. So far I've run analyses on AAVE (BAL and REN) and Justlend (SUN/SUNOLD), as a heavy user of both protocols myself. The ones I've looked at tend to require very high initial capital - high 8 or low 9 figures - a fund might be able to do it, similar to how Alameda took advantage of Voyager lending against illiquid tokens. For justlend another issue is the oracle only moves 10% maximum per half hour, and additionally the SUNOLD oracle has been significantly off recently, as it seems to track the SUN market instead. This has led to some minor arbs. I reported this to the winklink team the other week. I haven't yet done a report for aave and may not, since it requires substantially more capital. If you're interested I can write up a guest post on this general kind of trade, how sensitive it is to the various LTV parameters and liquidity, etc. Might do that tomorrow since it seems there'd be general interest now. Anyway, the justlend scenario I gamed out can technically work but it would take way too long for the price to move enough with the oracle anchor, which makes it not viable outside simulations in my opinion. The general idea is not new or unique to me - the final Cream Finance drain last year used multiple accounts with opposing positions and a large price increase. Venus finance had a similar one last year - see https://thedefiant.io/bscs-venus-protocol-left-with-bad-debt-after-liquidations
— Avraham Eisenberg
I will leave it up to the reader to decide how credible that is.
To me, this essentially reads as:
I sent Eisenberg the draft of this article before it was published and offered him the opportunity to point out any factual inaccuracies.
I also reached out to Mango Markets for comment but did not receive a response.
If you feel that Avraham Eisenberg has stolen from you, it is recommended to file a complaint with the following regulatory bodies:
Finally, if you appreciate this investigative journalism, please consider becoming a free or paid subscriber, and share this article.
Normally I don’t include my personal crypto wallet in my articles, but if you feel like donating to support my investigative journalism, please feel free.
Bitcoin: 3F9bmuaoihVKkjQZeXQVAfogjPJzs9s2YB
Ethereum: karlstack.eth
Solana: 3zqELZ36cQbqWhxgHjRwLTAFAGEgrxdimbxrdme3ZzYV
I am a little confused: was this a crime, or just using the badly written rules of the market to walk out with money? I honestly can't tell if something illegal happened, or just the system was so badly designed that it allowed for this and no one realized it previously.
I need to get in these discords it seems