Crypto exchange hacker nets $114m but returns $67m to pay back customers

Mango Markets exploit was achieved using ‘legal open market actions,’ hacker claims

Anthony Cuthbertson
Monday 17 October 2022 13:31 BST
Comments
A hacker claims to have acquired $114 million from Mango Markets through a ‘profitable trading strategy'
A hacker claims to have acquired $114 million from Mango Markets through a ‘profitable trading strategy' (Mango Markets)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

A hacker has returned $67 million (£59m) acquired from a crypto platform but kept $47m after claiming that his actions were legal.

Mango Markets suffered an exploit, whereby the price of its mango token was artificially inflated in order to then drain money from the popular exchange.

Avraham Eisenberg, who claims to be part of a group that carried it out, said the gains were part of a “highly profitable trading strategy”, though offered to return some of the funds after customers were unable to access their holdings.

The hacker, who describes himself as a digital art dealer, released a statement on Twitter explaining why he returned more than half of the money.

“I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are,” he wrote.

“Unfortunately, the exchange this took place on, Mango Markets, became insolvent as a result, with the insurance fund being insufficient to cover all liquidations. This led to other users being unable to access their funds.”

The hacker claimed that negotiations with the Mango Market’s insurance fund meant that no user funds would be impacted by his actions.

The Mango Markets community voted for Mr Eisenberg to keep $47m if he returned $67m in order to cover their deposits. In return, users agreed to not pursue any legal action.

“All Mango depositors will be made whole,” a community post stated.

“By voting for this proposal, mango token holders agree to pay off the bad debt with the treasury, and waive any potential claims against accounts with bad debt, and will not pursue any criminal investigation or freezing of funds once the token are sent back as described above.”

Some users objected to the deal, noting that the amount awarded was much higher than a bug bounty would have been if the exploit had been reported rather than carried out.

“We should give him less of a bounty because he is a criminal in no position to negotiate anymore,” one user wrote.

Another remarked: “I vote yes as the proposal puts the users – and their funds – first, however, with the Treasury mostly depleted, there are now serious concerns on the continuity of the project... How will founders be able to continue building Mango with close to zero funds.”

Mango Markets confirmed over the weekend that “$67m in various crypto assets” had been returned, adding that it would be meeting on Monday to discuss next steps.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in