One specific method of hacking decentralized finance (DeFi) protocols is on the rise, according to blockchain data platform Chainalysis.
In a new blog post, the market intelligence firm estimates that hackers stole a total of $386.2 million from DeFi protocols in 2022 using a type of attack known as “oracle manipulation.”
Oracle manipulation involves hackers artificially inflating the trading volume of a low-liquidity token on a DeFi protocol, which is designed to spike the token’s price.
Chainalysis notes that hackers will often use flash loans to secure the initial capital needed to inflate the token’s trading volume, then trade the designated token for a more stable crypto asset after pumping up the price.
The firm estimates there were 41 separate oracle manipulation attacks in 2022, and it points to last October’s $100 million exploit of Solana-based (SOL) decentralized crypto exchange Mango Markets (MNGO) as a prime example of what that kind of hack looks like.
Avraham Eisenberg, who runs a trading firm and describes himself as a “digital art dealer,” went public the week after the incident, claiming he was the brains behind what he described as a “legal” exploit of Mango.
Eisenberg argued he was involved with a trading team that had a highly profitable strategy. The scheme left the decentralized exchange insolvent and users unable to access their funds.
Chainalysis outlines how Eisenberg kicked off the attack with $10 million worth of USD Coin (USDC) in two separate accounts at Mango Markets.
“Eisenberg used one account to short 488 million MNGO (MNGO, or Mango, is the governance token for Mango Markets) — effectively selling 488 million MNGO on leverage — while the other account took the opposite side of that trade, using leverage to buy the same amount.
Eisenberg’s leveraged purchase of MNGO, combined with further buying of MNGO on other DEXes, pushed the price of MNGO up very quickly on spot exchanges. This was possible because MNGO was a low-liquidity asset without much trading volume. The account used to purchase MNGO immediately profited roughly $400 million in paper gains because all of Eisenberg’s buying activity significantly boosted the asset’s price.
With such a high portfolio value, Eisenberg was able to borrow against his artificially inflated MNGO holdings and remove virtually all of the assets held by Mango Markets. This activity caused MNGO’s price to drop immediately, so his long positions were liquidated due to loss of collateral value, but it was too late — Eisenberg had already ‘borrowed’ all of Mango Market’s assets with any real value.”
In December, Eisenberg was arrested by the U.S. Department of Justice (DOJ) in Puerto Rico on charges of commodities fraud and manipulation. In January, the Commodity Futures Trading Commission (CFTC) filed market manipulation charges against the trader, and later that month he was sued by Mango Markets.
In its 2023 Crypto Crime Report, Chainalysis notes that hackers stole a total of $3.8 billion from cryptocurrency businesses last year, the highest annual total ever.
Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inboxGenerated Image: Midjourney