Blockchain & Cryptocurrency , Cryptocurrency Fraud , Fraud Management & Cybercrime

Hacker Masterminded, Executed $110 Million Crypto Fraud Scheme Marianne Kolbasuk McGee (HealthInfoSec) • April 18, 2024    

A New York federal jury found a hacker guilty of all charges that he masterminded and carried out a scheme to fraudulently obtain $110 million from cryptocurrency exchange Mango Markets and investors.

See Also: Revolutionizing Cross-Border Transactions with Permissioned DeFi

Prosecutors indicted Avraham Eisenberg, 28, in January 2023 on three criminal counts including commodities and wire fraud and market manipulation. Federal authorities arrested Eisenberg in Puerto Rico in December 2022 after weeks earlier he caused the trading platform riding on the Solana blockchain to halt trading after pumping up the price of the MNGO token and withdrawing funds. Mango allowed users to borrow against their assets but the money to cover the withdrawal ultimately came from other investors (see: Everything We Know About the Mango Markets Hack).

“The more he pumped, the more he could steal,” said Peter Davis, assistant U.S. attorney during closing arguments, reported to Bloomberg. “He pumped the price and lied so he could steal people’s money.”

Eisenberg returned roughly $67 million and brokered a deal putatively binding the decentralized finance company against pursuing a criminal investigation.

“Would-be financial criminals should think twice before daring to engage in illicit conduct on our watch,” said U.S. Attorney Damian Williams for the Southern District of New York.

Eisenberg’s defense argued he merely took advantage of smart contracts to execute a risky but legal trading gambit. Eisenberg “wholly complied” with Mango smart contracts – which carried the warning that “This is unaudited software, use it at your own risk,” said defense attorney Brian Klein, Bloomberg also reported.

Eisenberg outed himself as the hacker shortly after the incident, posting on social media that “all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.”

The indictment says that Eisenberg deceptively used two accounts on Mango Markets that he controlled and that did not appear to public, to sell from himself to himself large numbers of MNGO perpetual futures.

He made a series of large purchases on MNGO using the USDC stablecoin with the aim of artificially inflating the price of MNGO relative to USDC and in turn, the price of MNGO perpetual futures on Mango Markets. That caused the price of MNGO to rise about 1,300% in about 20 minutes, according to prosecutors.

The artificially pumped value of MNGO Perpetuals that Eisenberg had purchased from himself allowed him to borrow and then withdraw about $110 million worth of various cryptocurrencies from Mango Markets. After he stopped buying USDC, the value of MNGO plummeted and he absconded with the money, with no intention to repay the loan, prosecutors said.

The court in December denied Eisenberg’s motion to dismiss

Eisenberg potentially faces imprisonment of up to 10 years in prison on the commodities fraud count and the commodities manipulation count, and a maximum penalty of 20 years in prison on the wire fraud count. Sentencing is set for July 29.

He also faces civil lawsuits from the Commodity Futures Trading Commission and the Securities and Exchange Commission that have been on hold pending the outcome of his criminal case.

The guilty outcome also frees up Mango to pursue its own civil lawsuit against Eisenberg. The decentralized platform sued in January 2023, arguing that the deal the hacker cut with Mango investors to return funds in exchange for releasing claims against him occurred under duress and was unenforceable. The lawsuit demands the return of the $47 million Eisenberg kept and damages.

With reporting from Information Security Media Group’s David Perera in Washington, D.C.