Crypto exchange hacker nets $114m but returns $67m to pay back customers
Mango Markets exploit was achieved using ‘legal open market actions,’ hacker claims
Sign up to our free weekly IndyTech newsletter delivered straight to your inbox
Sign up to our free IndyTech newsletter
A hacker has returned $67 million (£59m) acquired from a crypto platform but kept $47m after claiming that his actions were legal.
Mango Markets suffered an exploit, whereby the price of its mango token was artificially inflated in order to then drain money from the popular exchange.
Avraham Eisenberg, who claims to be part of a group that carried it out, said the gains were part of a “highly profitable trading strategy”, though offered to return some of the funds after customers were unable to access their holdings.
The hacker, who describes himself as a digital art dealer, released a statement on Twitter explaining why he returned more than half of the money.
“I believe all of our actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are,” he wrote.
“Unfortunately, the exchange this took place on, Mango Markets, became insolvent as a result, with the insurance fund being insufficient to cover all liquidations. This led to other users being unable to access their funds.”
The hacker claimed that negotiations with the Mango Market’s insurance fund meant that no user funds would be impacted by his actions.
The Mango Markets community voted for Mr Eisenberg to keep $47m if he returned $67m in order to cover their deposits. In return, users agreed to not pursue any legal action.
“All Mango depositors will be made whole,” a community post stated.
“By voting for this proposal, mango token holders agree to pay off the bad debt with the treasury, and waive any potential claims against accounts with bad debt, and will not pursue any criminal investigation or freezing of funds once the token are sent back as described above.”
Some users objected to the deal, noting that the amount awarded was much higher than a bug bounty would have been if the exploit had been reported rather than carried out.
“We should give him less of a bounty because he is a criminal in no position to negotiate anymore,” one user wrote.
Another remarked: “I vote yes as the proposal puts the users – and their funds – first, however, with the Treasury mostly depleted, there are now serious concerns on the continuity of the project... How will founders be able to continue building Mango with close to zero funds.”
Mango Markets confirmed over the weekend that “$67m in various crypto assets” had been returned, adding that it would be meeting on Monday to discuss next steps.
Subscribe to Independent Premium to bookmark this article
Want to bookmark your favourite articles and stories to read or reference later? Start your Independent Premium subscription today.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies