CFTC Charges Mango Markets Hacker With Fraud | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #hacker

The Commodity Futures Trading Commission filed charges against Avraham Eisenberg on Monday, accusing him of manipulating the Mango Markets decentralized exchange and stealing over $110 million in digital assets. The news comes a week after the Department of Justice charged Eisenberg with the October 11, 2022 hack.

“The goal of Defendant’s scheme was straightforward: to artificially inflate the value of his swap contract holdings on Mango Markets through price manipulation so that he could ‘borrow’ a significant amount of digital assets that he had no intention to repay,” the CTFC wrote in its filing.

Mango Markets is a Solana-based decentralized exchange (DEX) governed by a DAO—made up of holders of its native token, MNGO—that lets investors lend, borrow, swap, and use leverage to trade crypto.

On October 11, the Solana exchange was drained of roughly $110 million, with Mango Markets tweeting that a hacker had manipulated the platform’s price oracle.

In December 2022, the U.S. Department of Justice arrested Eisenberg for his involvement in the Mango Markets hack, to which Eisenberg admitted on Twitter. He described the maneuver as “a highly profitable trading strategy.”

The CFTC has now charged Eisenberg with fraud, market manipulation, and violating the Commodity Exchange Act. It says it is seeking monetary penalties, a ban on trading digital asset commodities, and restitution of funds.

According to the agency’s filing, Eisenberg created two anonymous accounts at Mango Markets just before the October hack, and funded each with $5 million in USDC. In one account, Eisenberg used leverage to establish a $19 million long position consisting of over 400 million MNGO/USDC Swaps at approximately $0.04. Then, using the second account, he established a $19 million short position consisting of the same number of MNGO/USDC Swaps.

“In this way, Defendant placed himself on both sides of the same transaction, which effectively resulted in a ‘wash’ transaction,” the agency says. “Because Mango Markets did not require any identifying information to trade on the platform, Eisenberg was able to create both accounts anonymously, thereby concealing from Mango Markets that he was on both sides of this transaction.”

After the hack, Mango DAO offered the Mango Market attacker a $47 million bug bounty and the promise of not pressing charges if they sent back $67 million worth of tokens. Eisenberg publicly agreed to the terms of the deal, but it is unclear whether the tokens were returned.

While the Mango Market DAO and community may be forgiving, the United States and law enforcement agencies are not as easily satisfied. In the filing, attorneys for the CFTC are demanding a trial at a yet-to-be-determined date for Eisenberg and any parties involved with the Margo Markets hack.