Mango Markets Hit with Price Manipulation Attack, $114 Million Stolen
On the morning of October 12, the Solana-based derivative trading platform Mango Markets fell victim to a price manipulation attack, resulting in a loss of $114 million.
Update, October 14:
By the afternoon of October 14, Mango Markets proposed a new settlement with the attacker, requesting the return of all stolen funds while allowing the attacker to keep $47 million USDC as a bug bounty reward.
A new proposal: https://t.co/RkwDfq4N1Q
— Mango (@mangomarkets) October 14, 2022
Mango Markets also agreed to use project funds to cover the remaining bad debt and fully compensate affected users, while promising not to pursue criminal charges against the attacker.
The original proposal from the attacker was overwhelmingly voted down by the community.
Update, October 12 (Evening):
In the evening of October 12, the crypto community circulated an investigative report on the price manipulation attack targeting Mango Markets. The report identified the attacker as Avraham Eisenberg, who has a history associated with a crypto project named Fortress DAO.
SCOOP: Who was the hacker that stole more than $100,000,000 USD from @mangomarkets last night?
— Chris Brunet (@realChrisBrunet) October 12, 2022
Karlstack has some answers...https://t.co/o5Fa5qbtP6
Investigators pointed to recent claims by Eisenberg on a Discord group about finding a way to extract nine figures from a project, as well as his ownership of the domain ponzishorter.eth. Tracking the attacker’s transactions revealed that the collateral funds originated from an FTX account, with $30 million USDC later transferred to ponzishorter.eth.
1. Quick breakdown of what happened today on @mangomarkets, the movement of exploited funds and who might be responsible. pic.twitter.com/4EKDp2MNyq
— Tristan (@Tristan0x) October 12, 2022
The crypto community is now calling on FTX to release KYC information for the account that sent funds to Mango Markets to verify if the attacker is indeed Avraham Eisenberg.
Update, October 12 (Morning):
On the morning of October 12, an account suspected to belong to the Mango Markets attacker submitted a proposal to the project’s forum, offering to return a portion of the stolen funds in exchange for not facing investigation or criminal charges. The proposal was as follows:
"Repay Bad Debt"
Hello, Mango’s fund currently has about $70 million USDC available to cover bad debt.
I propose the following: If accepted, I will return MSOL, SOL, and MNGO to an address specified by the Mango team. Mango’s fund will cover the remaining shortfall to ensure all users are compensated. The funds I retain will be considered a bug bounty. By voting for this proposal, Mango token holders agree to pay the bug bounty and use project funds to cover bad debt, waiving any claims against remaining bad debt accounts and not investigating or freezing funds once I return the specified tokens.
According to the proposal, the attacker agreed to return all SOL, MSOL, and MNGO tokens taken, equivalent to about $65.2 million, and keep $48.8 million in other tokens.
The attacker then used 32.4 million MNGO tokens to vote in favor of the proposal, surpassing the opposition. The proposal needs 67 million MNGO to pass and will end voting in 2 days and 20 hours.
Original Report:
According to a Twitter announcement, Mango Markets confirmed it had been attacked, with a large sum of money being siphoned off through price manipulation. Mango stated it was working with relevant parties to trace and prevent the attacker from dispersing the funds. The project also requested users to cease using the platform until the issue is resolved.
We are currently investigating an incident where a hacker was able to drain funds from Mango via an oracle price manipulation.
— Mango (@mangomarkets) October 11, 2022
We are taking steps to have third parties freeze funds in flight. 1/
Security firm Hacken detailed how Mango Markets was compromised:
- The attacker deposited $5 million USDC into Mango Markets and opened a long position in MNGO tokens worth approximately $19 million.
- This long position caused the price of MNGO to increase by 167% within less than an hour, boosting the collateral value in the attacker’s account. This occurred due to the low trading volume of MNGO on Mango, which was around $19 million in the past 24 hours—matching the size of the attacker’s position.
- The attacker then used the inflated collateral to borrow various other tokens and withdrew them, totaling $114 million.
The stolen tokens included $52.8 million USDC, $50.5 million SOL, $5.4 million BTC, $3.2 million USDT, $1.7 million USDT, and $14.7 million MNGO.
The attack method mirrors tactics used by the attacker of GMX—a derivative trading platform on Arbitrum—who manipulated AVAX prices in mid-September.
Following the attack, the price of MNGO plummeted by 53% from pre-manipulation levels.
Price Movement of MNGO (24 Hours)
Data from CoinMarketCap as of 07:40 AM, October 12, 2022
Mango Markets is the second major crypto attack in October, following the $186 million theft from BNB Chain’s bridge last week.
