“A highly profitable trading strategy” was how hacker Avraham Eisenberg described his involvement in the Mango Markets exploit that occurred on Oct. 11.
By manipulating the price of the decentralized finance protocol’s underlying collateral, MNGO, Eisenberg and his team took out infinite loans that drained $117 million from the Mango Markets Treasury.
Desperate for the return of funds, developers and users alike voted for a proposal that would allow Eisenberg and co. to keep $47 million of the $117 million exploited in the attack. Astonishingly, Eisenberg was able to vote for his own proposal with all his exploited tokens.
This is something of a legal gray area: under the “code is law” view, if you can work within the smart contract’s rules, there’s an argument that it’s perfectly legal. Although “hack” and “exploit” are often used interchangeably, no actual hacking occurred. Eisenberg tweeted that he was operating within the law:
“I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.”
However, to cover their bases, Eisenberg’s team also asked in the DAO settlement proposal that no criminal proceedings be opened against them if the petition was approved. (Which, ironically, may be illegal.)
Eisenberg and his merry men would reportedly go on to lose a substantial portion of the funds extracted from Mango a month later in a failed attempt to exploit DeFi lending platform Aave.
The Mango Markets $47-million settlement received 96.6% of the votes. Source: Mango Markets
How much has been stolen in DeFi hacks?
Eisenberg is not the first to have engaged in such behavior. For much of this year, the practice of exploiting vulnerable DeFi protocols, draining them of coins and tokens, and using the funds as leverage to bring developers to their knees has been a lucrative endeavor. There are many well-known examples of exploiters…