Mango Markets Offers $47 Million Bounty to Attacker
Mango Markets, a derivatives trading platform, is set to approve the highest bug bounty reward in crypto history following an attack earlier this week.
Update as of October 16:
By the early hours of October 16, Mango Markets announced that it had reached an agreement with the attacker and successfully recovered $67 million in cryptocurrency. However, the project has not yet provided a timeline for reimbursing users. Mango stated that it will let the community vote on the next steps.
$67M in various crypto assets have been returned to the DAO. Let’s meet up on Monday 3 PM UTC on the Mango discord to discuss, how we can sort out this mess.
— Mango (@mangomarkets) October 15, 2022
Meanwhile, Avraham Eisenberg, the individual accused of the Mango Markets attack, indirectly acknowledged the allegations against him on Twitter, claiming that his actions were "legal" since he exploited Mango Markets as it was designed.
Statement on recent events:
— Avraham Eisenberg (@avi_eisen) October 15, 2022
I was involved with a team that operated a highly profitable trading strategy last week.
Original Post:
As reported by Coin68, Mango Markets was attacked earlier this week in a price manipulation scheme, resulting in a $114 million drain from the platform.
The attack stemmed from vulnerabilities in Mango’s trading volume, which allowed the attacker to inflate prices and then use the inflated collateral to borrow and withdraw a variety of assets.
Immediately following the attack, the perpetrator audaciously offered to return part of the funds if Mango Markets allowed him to keep the majority and refrained from legal action.
The DeFi community quickly identified the attacker as Avraham Eisenberg, a known figure with a dubious past.
By the morning of October 14, Mango Markets proposed a new plan: allowing the attacker to keep $47 million USDC and not pursuing criminal charges, provided he returns the remaining funds. The shortfall will be covered by Mango Markets' own funds.
A new proposal: https://t.co/RkwDfq4N1Q
— Mango (@mangomarkets) October 14, 2022
As of the latest update, this proposal is poised for approval with overwhelming support, indicating that the Mango community has agreed to the settlement with the attacker.
The $47 million USDC bounty would be the largest bug bounty ever paid in the crypto industry. It’s worth noting that the attacker had to spend $10 million to successfully execute his price manipulation scheme.
Despite this, Mango Markets has faced criticism for agreeing to such a large payout to settle with a known bad actor. The attacker has yet to comment on Mango's proposal.
