DOJ arrests man behind brazen $100 million attack on Mango Markets

A man who admitted to launching the more than $100 million hack against crypto platform Mango Markets was arrested in Puerto Rico, the Justice Department announced on Tuesday. 

Avraham Eisenberg appeared in court in the Southern District of New York following his arrest. An unsealed indictment charges Eisenberg with commodities fraud and commodities manipulation for his role in exploiting Mango Markets, a decentralized cryptocurrency exchange that has its own native crypto token, called MNGO.

FBI agent Brandon Racz, who was tasked with investigating the case, found that in October Eisenberg “participated in a scheme to steal approximately $110 million by artificially manipulating the price of MNGO Perpetuals," a type of futures contract on the Mango Markets platform.

Racz said Eisenberg effectively sold a large amount of MNGO to another account he controlled, artificially increasing the price of the coin in a span of 20 minutes.

“Because Mango Markets allows investors to borrow and withdraw cryptocurrency based on the value of their assets on the platform, the increase in the value of the MNGO Perpetuals Eisenberg had purchased allowed Eisenberg to borrow, then withdraw, approximately $110 million worth of various cryptocurrencies from Mango Markets, which came from deposits of other investors in the Mango Markets exchange,” Racz said.

Eisenberg had no plans to repay the borrowed money, Racz said. After he withdrew his deposits on the platform, the price of MNGO Perpetuals fell, leading to losses among other investors.

Eisenberg used photos of his passports to verify his accounts, according to the FBI, and all of the financial transactions he conducted were recorded on the blockchain. 

Between October 11 and 13, officials connected to Mango Markets began negotiating with Eisenberg in the hopes that he would return some of the funds that had been taken. 

The two sides eventually agreed on a deal that would see Eisenberg return about $67 million to Mango Markets, and in exchange the company agreed to “waive certain civil claims and refrain from pursuing criminal investigations or attempting to freeze assets taken during the scheme.”

Eisenberg sent the cryptocurrency and then took to Twitter to claim credit for the attack. On October 15, he wrote that he believed all of his trades “were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are.”


“Unfortunately, the exchange this took place on, Mango Markets, became insolvent as a result, with the insurance fund being insufficient to cover all liquidations. This led to other users being unable to access their funds,” he admitted.

“To remedy the situation, I helped negotiate a settlement agreement with the insurance fund with the goal of making all users whole as soon as possible as well as recapitalizing the exchange.”

He later said his deal with Mango Markets meant “all users will be able to access their deposits in full with no loss of funds.”

The indictment references these tweets and notes that on October 12, Eisenberg flew from the U.S. to Israel in “an effort to avoid apprehension by law enforcement in the immediate aftermath of the Market Manipulation Scheme.”

The affidavit, signed on December 23, does not say when Eisenberg arrived in Puerto Rico. 

Blockchain security company CertiK said several other people have used Eisenberg’s scheme to manipulate cryptocurrency platforms, like Lodestar earlier in December, and Moola Market in November. 

“In both cases, the attacker borrowed the illiquid native token of the lending platform, manipulated the price higher, and then used this newly-inflated value of their collateral to borrow more of the protocol’s assets,” a CertiK expert told The Record. 

“The risks of using illiquid tokens as collateral assets on lending platforms was made clear with the Mango Market exploit (or 'highly profitable trading strategy' as the exploiter called it). Users who have assets deposited into similar lending platforms should investigate to see if their assets are at similar risk of being drained by such a strategy. Collateral assets should be highly liquid, which makes this kind of manipulation much more difficult.”

Get more insights with the
Recorded Future
Intelligence Cloud.
Learn more.
No previous article
No new articles

Jonathan Greig

Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.