
A Solana hacker calls $67M he stole from the Mango platform a ‘profitable trading strategy’

October 17, 2022, 2:07 PM UTC

Picture a robber who breaks into a bank’s vault and steals millions of dollars—and then turns around and says he deserves to keep some of the loot as a reward for exposing the bank’s lax security. Some might be surprised to learn this sort of thing happens every week in the world of crypto.

The latest example involves a Solana-trading platform called Mango Markets, where a hacker last week stole $114 million by exploiting a price authority known as an oracle. The hacker tricked the oracle into inflating the value of a token threefold, which let the hacker obtain three times the collateral to which he was entitled and, in turn, earn a far greater return than he should have received.

The hacker, named Avraham Eisenberg, is unrepentant and described the robbery as a “highly profitable trading strategy” that was allowed by Mango’s code—even if Mango’s creators did not envision such behavior. It’s as if Eisenberg found a way to drain tens of millions from an online banking service and, when caught, declared, “Finders keepers.”

Mango’s token holders reluctantly accepted Eisenberg’s view of the situation, voting to let him keep $47 million so that he would return the other $67 million, which appears to have been just enough to keep Mango from falling into insolvency. Eisenberg’s windfall comes months after he reportedly robbed another project called Fortress DAO of $14 million.

Surprisingly, many in the decentralized finance community appear to be okay with Eisenberg’s behavior: In a poll, 45% voted to say his actions were legitimate on the grounds that “code is law.” Critics, however, object not only to what he did but also to his greed—keeping far more than would be awarded as part of a typical “bug bounty” program that rewards hackers for pointing out software vulnerabilities.

For many in the crypto world, the Mango episode is an interesting tale of audacity from a clever hacker. But for everyone else, the hack is just another example of how DeFi—and Solana in particular—is rife with criminals and gaping security holes. The sector has to do better if it wishes to go mainstream.

Jeff John Roberts
jeff.roberts@fortune.com
@jeffjohnroberts

DECENTRALIZED NEWS

A new DeFi dashboard cited by Axios reveals Tether has frozen nearly $500 million of its stablecoin, likely in response to law enforcement demands; Tether may still be earning interest on the funds.

CEO Brian Armstrong said he will sell 2% of his Coinbase holdings in the next year to fund scientific research, including at companies dedicated to life extension.

A group of hacking victims are pursuing a collective arbitration action against Coinbase Wallet, claiming the software had vulnerabilities the company failed to patch.

As speculators and celebrities flee the NFT market, bargain hunters have swooped in, snapping up Bored Apes and other collections on the cheap.

The gold bullion industry, which revolves around gold bars stored in London vaults, is exploring a move to a blockchain-based system that would improve efficiency and transparency.

MEME O’ THE MOMENT

Bloomberg wit Matt Levine on DAOs:

This is the web version of Fortune Crypto, a daily newsletter.