
Mango Markets — oracle-manipulation drain

Avi Eisenberg manipulated Mango Markets' oracle to inflate collateral 13×, borrowed $114M against it, and publicly argued the theft was legal — until a federal jury disagreed.

Target
Mango Markets
Date public
11 October 2022
Sector
Crypto
Attack type
Oracle manipulation (market manipulation; no code vulnerability)
Threat actor
Avi Eisenberg
Severity
High
Region
Global — Solana

Mango Markets was a decentralised exchange and lending protocol on the Solana blockchain. In October 2022 a trader named Avi Eisenberg did something unusual: he took $114 million from it in broad daylight and then told everyone he had done it. His method was straightforward. He set up two accounts with $10 million in total and used one of them to buy a huge amount of MNGO tokens on a thin market, pushing the price up 13 times in a matter of minutes. Because Mango valued collateral at that price, his other account now showed many millions of dollars of collateral that had not existed minutes earlier. He borrowed $114 million against it and withdrew the funds before anyone could react. Eisenberg then posted on Twitter that this was a "highly profitable trading strategy" and legally fine. Using the stolen MNGO tokens to vote through the protocol's own governance system, he proposed that Mango let him keep $47 million as a "bug bounty" in exchange for returning the rest, and the vote passed. The legal system saw it differently: he was arrested in Puerto Rico in December 2022 and convicted of commodities fraud and market manipulation by a federal jury in April 2024. The verdict rejected the argument that doing it on a blockchain makes market manipulation legal.

What happened

On 11 October 2022 Avraham “Avi” Eisenberg, a US-based cryptocurrency trader, executed an oracle-manipulation attack against Mango Markets, a Solana-based decentralised exchange and lending protocol, and drained approximately $114 million from its treasury.

Unlike most DeFi exploits, the perpetrator was known and vocal. Eisenberg operated under his real name and, within hours of the attack, posted on Twitter describing what he had done and characterising it as a “highly profitable trading strategy” that was, in his assessment, “legal open market actions.” He then used governance tokens obtained as part of the exploit to propose — and pass — a governance vote in Mango’s DAO that would have allowed him to keep $47 million as a “bug bounty” in exchange for returning the remaining $67 million to the protocol. The governance proposal passed with the majority of votes cast by Eisenberg’s own token holdings.

Mango Markets did not recover its treasury in full and was severely damaged operationally; the MNGO token lost most of its value after the exploit. In December 2022 US federal law enforcement arrested Eisenberg in Puerto Rico on charges of commodities fraud, commodities manipulation and wire fraud. He was tried in the Southern District of New York and convicted on all three counts in April 2024; no sentence had been publicly confirmed at the time of writing. The verdict was the first US criminal conviction for market manipulation carried out through a DeFi protocol.

How it worked

The Mango Markets exploit is a textbook oracle manipulation attack, executed with unusual capital efficiency.

Mango Markets valued MNGO collateral in its lending system using a live MNGO/USDC price feed derived from spot-market trading. A user whose account held MNGO, or unrealised profit denominated in it, could borrow other assets against that value, with borrowing capacity set by the oracle price multiplied by the amount held and scaled by the protocol's collateral factor. Nothing in that calculation asked whether the price itself could be trusted.

Eisenberg funded two Mango accounts with roughly $5 million of USDC each. With account A he took a very large long position in MNGO/USDC perpetual futures on Mango itself; the short side of that trade was his own account B, so the position cost him nothing net and needed no outside counterparty. He then bought MNGO aggressively on the thin spot markets the oracle drew from, pushing MNGO/USDC from about $0.038 to roughly $0.52 within minutes, a 13× move. Because account A held a huge MNGO long and the oracle now reported a price 13× higher, account A showed an enormous unrealised mark-to-market profit, and Mango counted that unrealised profit as collateral in its lending system.

Against that inflated collateral, account A borrowed $114 million across every token available in Mango’s treasury — USDC, USDT, SOL, BTC, MNGO, and others — and withdrew them. Since the borrowed funds drew down Mango’s actual liquidity, and the collateral supporting them was artificial (dependent on a manipulated oracle price), Mango was left with a hole in its balance sheet of approximately $114 million. The MNGO price quickly fell back toward its pre-manipulation level once Eisenberg stopped buying, leaving account A’s collateral worth a fraction of the borrowed sum — an effective default against the protocol.

The attack required no bug in the smart contract code. The oracle worked exactly as designed: it reported the price the spot market showed, and Eisenberg moved the spot market. The vulnerability was a design choice: collateral was valued at a live, manipulable spot price, on a market thin enough that a single actor with a few million dollars could move it, and with no cap on how much borrowing that price could unlock. The economics follow directly: the attack is profitable whenever the cost of holding the oracle at an inflated price for as long as the borrow takes is less than what the inflated collateral lets the attacker withdraw.

Timeline

  • 11 October 2022 — Eisenberg funds two Mango Markets accounts with approximately $10 million total USDC.
  • 11 October 2022 — Eisenberg buys MNGO spot aggressively, pushing MNGO/USDC price approximately 13× from $0.038 to ~$0.52; borrows $114 million against inflated collateral and withdraws it from Mango’s treasury.
  • 11–12 October 2022 — Eisenberg posts publicly on Twitter claiming the actions were legal “open market” trading.
  • 12–15 October 2022 — Eisenberg uses acquired MNGO tokens to vote in a Mango governance proposal awarding himself a $47 million “bug bounty” in exchange for returning approximately $67 million; proposal passes.
  • October 2022 — Eisenberg returns approximately $67 million per the governance outcome and keeps the remainder; protocol treasury remains severely depleted.
  • December 2022 — US federal law enforcement arrests Eisenberg in Puerto Rico; charged with commodities fraud, commodities manipulation, and wire fraud.
  • April 2024 — Eisenberg convicted on all counts in SDNY.
  • 2024 — Sentencing pending; no sentence had been publicly confirmed at the time of writing.

What defenders should learn

The Mango Markets exploit is primarily a design lesson, not a code-security lesson. No smart contract bug was exploited. The protocol worked as intended. The design that was intended — using live spot-market prices as collateral oracles — was the vulnerability. The security lesson is that any price oracle used to determine collateral value must be resistant to manipulation by a single actor with a large but realistic capital allocation.

The standard mitigations for oracle manipulation are well established, and Mango's design applied none of them adequately given how thin MNGO markets were:
  • Use a time-weighted average price (TWAP) rather than the spot price, so that a spike lasting a few minutes cannot be borrowed against immediately. A TWAP does not make manipulation impossible; it forces the attacker to hold the price up for the whole window, which on a real market costs far more than a momentary print.
  • Draw prices from several independent sources and take the median, so that one thin venue cannot set the oracle on its own. This helps only if the venues are genuinely independent and deep; a median of three thin markets the attacker can pump at once is no safer than one.
  • Cap the collateral value a single asset or account can contribute, sized to the depth of that asset's market, so that the borrowable amount is never larger than what it would cost to move the price.
  • Circuit-break borrowing when the oracle price moves by an anomalously large amount in a short window, and require a deliberate reset before lending against that asset resumes.
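The collateral valuation described under "How it worked" and the mitigations listed above, as an added example (illustrative Python written for this page, not Mango Markets' code): a toy lending engine values the same constructed price series two ways, once at the last print on a single thin venue and once through a cross-venue median, a ten-tick TWAP, a per-asset exposure cap and a deviation circuit breaker. The venue names, prices, window length, 50% breaker threshold, 0.8 collateral factor, 50M-token position and $2M cap are all assumptions chosen to reproduce the shape of the attack, not Mango's real parameters.

```python
from collections import deque
from statistics import median


class SpotOracle:
    """Naive oracle: collateral is valued at the last trade on one thin venue."""

    def __init__(self):
        self.last = None

    def update(self, tick, venue_prices):
        self.last = venue_prices["thin_venue"]

    def price(self):
        return self.last


class HardenedOracle:
    """Cross-venue median, smoothed by a TWAP, guarded by a circuit breaker."""

    def __init__(self, window, max_move):
        self.window = window          # TWAP length in ticks (assumed: 10)
        self.max_move = max_move      # max fractional jump vs TWAP before tripping
        self.history = deque()        # (tick, cross-venue median)
        self.tripped = False          # once set, borrowing pauses until reset()

    def twap(self):
        if not self.history:
            return None
        return sum(p for _, p in self.history) / len(self.history)

    def update(self, tick, venue_prices):
        m = median(venue_prices.values())
        reference = self.twap()       # TWAP of the window before this tick
        if reference is not None and abs(m - reference) / reference > self.max_move:
            # One tick this far from the smoothed price is either a real
            # market event or a manipulation; either way stop lending
            # against it until someone deliberately resets the breaker.
            self.tripped = True
        self.history.append((tick, m))
        while self.history[0][0] <= tick - self.window:
            self.history.popleft()

    def price(self):
        return self.twap()

    def reset(self):
        self.tripped = False


def borrow_capacity(price, qty, collateral_factor, cap_usd=None):
    """USD borrowable against `qty` units valued at `price`, after the
    collateral haircut and, if given, a per-asset exposure cap."""
    value = qty * price
    if cap_usd is not None:
        value = min(value, cap_usd)
    return value * collateral_factor


def constructed_ticks():
    """Constructed price series (invented for this example): ten quiet ticks,
    then a two-tick pump on the thin venue while the deeper venues lag."""
    quiet = {"thin_venue": 0.038, "venue_b": 0.038, "venue_c": 0.038}
    ticks = [(t, dict(quiet)) for t in range(1, 11)]
    ticks.append((11, {"thin_venue": 0.20, "venue_b": 0.045, "venue_c": 0.05}))
    ticks.append((12, {"thin_venue": 0.52, "venue_b": 0.09, "venue_c": 0.12}))
    return ticks


def run_scenario(qty=50_000_000, collateral_factor=0.8, cap_usd=2_000_000):
    """Feed the same ticks to both oracles and compare what each would lend
    against `qty` MNGO at the end of the pump (all parameters are assumptions)."""
    naive = SpotOracle()
    hardened = HardenedOracle(window=10, max_move=0.5)
    for tick, prices in constructed_ticks():
        naive.update(tick, prices)
        hardened.update(tick, prices)
    twap_cap = borrow_capacity(hardened.price(), qty, collateral_factor, cap_usd)
    return {
        "naive_price": naive.price(),
        "naive_capacity": borrow_capacity(naive.price(), qty, collateral_factor),
        "hardened_twap": hardened.twap(),
        "twap_capacity_uncapped": borrow_capacity(hardened.price(), qty, collateral_factor),
        "breaker_tripped": hardened.tripped,
        # with the breaker tripped nothing is lendable; the capped figure shows
        # what TWAP plus the exposure cap alone would have allowed
        "hardened_capacity": 0.0 if hardened.tripped else twap_cap,
        "hardened_capacity_if_not_tripped": twap_cap,
    }


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key:34} {value}")
```

Running the file prints both engines' figures: the naive engine lends $20.8M against collateral that was worth $1.52M ten ticks earlier, while the hardened engine trips the breaker at tick 12 and lends nothing; even without the breaker, the TWAP and the exposure cap would hold it to $1.6M. The breaker deliberately needs a manual `reset()`: an automatic re-arm would only let the attacker wait out the window.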

The governance manipulation is the second lesson. DAO governance is a legitimate and important feature of decentralised protocols: it provides community oversight and a way to respond to crises. But token-weighted governance is controlled by whoever holds the tokens, and an attacker who has just drained the protocol may be its largest token holder. Governance that will adjudicate the response to an attack needs at least one of: an execution time-lock, so that a passed proposal cannot take effect before the rest of the community can react to it; a multi-signature requirement involving a distributed set of identifiable signers; or an emergency pause controlled by a trustee independent of the token vote.

The legal outcome is the definitional lesson for the DeFi industry. Eisenberg’s claim that his actions were legal “open market actions” was a genuine theory held by some in the DeFi community: if the code permits an action, the action is by definition legitimate. The SDNY jury rejected it. Market manipulation is illegal under US commodities law whether it happens on a traditional exchange or on a blockchain-based protocol, and the prosecution did not need to show that the code was defective, only that Eisenberg intended to move the price of a commodity artificially. A jury verdict is not binding precedent, and post-trial proceedings were still open at the time of writing, but the conviction makes clear that protocol design choices do not create a legal safe harbour for conduct that would be illegal in traditional markets.
