Get the scoop on finance - sign up for mobile alerts
Scams, Hacks & Breaches
| On
March 10, 2023

Crypto Hackers Stole $386,200,000 From DeFi Protocols via ‘Oracle Manipulation Attacks’ in 2022: Chainalysis

By Conor Devitt

One specific method of hacking decentralized finance (DeFi) protocols is on the rise, according to blockchain data platform Chainalysis.

In a new blog post, the market intelligence firm estimates that hackers stole a total of $386.2 million from DeFi protocols in 2022 using a type of attack known as “oracle manipulation.”

ADVERTISEMENT

Oracle manipulation involves hackers artificially inflating the trading volume of a low-liquidity token on a DeFi protocol, which is designed to spike the token’s price.

Chainalysis notes that hackers will often use flash loans to secure the initial capital needed to inflate the token’s trading volume, then trade the designated token for a more stable crypto asset after pumping up the price.

The firm estimates there were 41 separate oracle manipulation attacks in 2022, and it points to last October’s $100 million exploit of Solana-based (SOL) decentralized crypto exchange Mango Markets (MNGO) as a prime example of what that kind of hack looks like.

Avraham Eisenberg, who runs a trading firm and describes himself as a “digital art dealer,” went public the week after the incident, claiming he was the brains behind what he described as a “legal” exploit of Mango.

ADVERTISEMENT

Eisenberg argued he was involved with a trading team that had a highly profitable strategy. The scheme left the decentralized exchange insolvent and users unable to access their funds.

Chainalysis outlines how Eisenberg kicked off the attack with $10 million worth of USD Coin (USDC) in two separate accounts at Mango Markets.

“Eisenberg used one account to short 488 million MNGO (MNGO, or Mango, is the governance token for Mango Markets) — effectively selling 488 million MNGO on leverage — while the other account took the opposite side of that trade, using leverage to buy the same amount.

Eisenberg’s leveraged purchase of MNGO, combined with further buying of MNGO on other DEXes, pushed the price of MNGO up very quickly on spot exchanges. This was possible because MNGO was a low-liquidity asset without much trading volume. The account used to purchase MNGO immediately profited roughly $400 million in paper gains because all of Eisenberg’s buying activity significantly boosted the asset’s price.

With such a high portfolio value, Eisenberg was able to borrow against his artificially inflated MNGO holdings and remove virtually all of the assets held by Mango Markets. This activity caused MNGO’s price to drop immediately, so his long positions were liquidated due to loss of collateral value, but it was too late — Eisenberg had already ‘borrowed’ all of Mango Market’s assets with any real value.”

ADVERTISEMENT

In December, Eisenberg was arrested by the U.S. Department of Justice (DOJ) in Puerto Rico on charges of commodities fraud and manipulation. In January, the Commodity Futures Trading Commission (CFTC) filed market manipulation charges against the trader, and later that month he was sued by Mango Markets.

In its 2023 Crypto Crime Report, Chainalysis notes that hackers stole a total of $3.8 billion from cryptocurrency businesses last year, the highest annual total ever.

Don't Miss a Beat – Subscribe to get email alerts delivered directly to your inbox
Check Price Action
Follow us on X, Facebook and Telegram
Surf The Daily Hodl Mix
&nbsp
Disclaimer: Opinions expressed at The Daily Hodl are not investment advice. Investors should do their due diligence before making any high-risk investments in Bitcoin, cryptocurrency or digital assets. Please be advised that your transfers and trades are at your own risk, and any losses you may incur are your responsibility. The Daily Hodl does not recommend the buying or selling of any cryptocurrencies or digital assets, nor is The Daily Hodl an investment advisor. Please note that The Daily Hodl participates in affiliate marketing.

Generated Image: Midjourney