Sometimes on-chain🔗 deal isn't enough to keep you out of jail. 🚪
Story of a hacker arrested for market manipulation after he returns partial funds.
Let’s Rewind to October 2022 at the Height of DeFi 📈 Hacks, where over 20+ hacks were executed in a span of 2 weeks.
One such hack was of Mango 🥭 Markets, Solana Labs’s flagship 🚢 margin trading protocol.
The attacker🐱👤 managed to spike the price of Mango 🥭 Markets’ native token MNGO and drained their lending pools, leaving the protocol with $115M of bad debt. 😱
In true DeFi style 😎, the attacker🐱👤 created a proposal on the MangoDAO to keep part of the amount as a bounty and not pursue any criminal investigations or freezing ❄ of funds. He voted for the proposal with the freshly acquired governance tokens from the hack. [Yes, the hacker was flexing 💪 his brain muscles.]
In the end, 💲47M was paid as a bounty and close to 💲67M was returned to the MangoDAO.
That's not it.
Amidst all this drama, the hacker's identity was revealed to Avraham [Avi] Eisenberg 👨. Yet it didn't deter the hacker from getting away with one of the largest Bounties in the History of Hacks.🐱👤
Or so he thought...
~~Jump to 27th December 2022~~
As promised, MangoDAO didn't pursue criminal charges against the hacker. However, this didn't stop one of the US attorneys to file a complaint against Avi Eisenberg for participating in a scheme in which he intentionally and artificially manipulated perpetual futures 📊 contracts on Mango Markets through Oracle Manipulation.
Avi Eisenberg was arrested on Monday📆 in Puerto Rico🗺 on Dec 27th.
This whole incident raises a few questions ❓
1. How much validity does an on-chain promise buy you in real life❓
2. What options do whitehat hackers are left with to expose security issues on DeFi protocols❓