Mango Markets: The $114 Million “Profitable Trading Strategy”

In October 2022, Avraham Eisenberg executed one of the most brazen thefts in DeFi history and then posted about it on Twitter. He called it “a highly profitable trading strategy” and argued that manipulating a market was not the same as stealing from it. He was wrong about the law. But the mechanics of what he did exposed a genuine flaw in how perpetual futures protocols count unrealized profits as collateral.

What Eisenberg Did

Eisenberg funded two accounts with $5 million USDC each. He used Account A to open a 483 million MNGO short on Mango’s perpetual markets, and Account B to open the matching long. The positions offset each other—at current prices, neither would profit or lose.

Then he pumped the MNGO spot price.

MNGO was a low-liquidity token. Trading on FTX and Ascendex, Eisenberg pushed the price from roughly $0.038 to a peak of $0.91 in about 20 minutes—a 24x increase. Because Mango’s oracle read this spot price to value perpetual positions, Account B’s unrealized profit ballooned to approximately $423 million on paper.

Mango Markets allowed users to borrow against their account equity, which included unrealized perpetual profits:

// Simplified vulnerable logic (Solidity-style pseudocode; helper functions assumed to exist)
function getAccountValue(address user) public view returns (uint) {
    uint spotCollateral = getSpotDeposits(user);
    uint perpPnL = getUnrealizedPerpPnL(user);  // Marked at the latest oracle price

    return spotCollateral + perpPnL;  // Unrealized gains counted as hard collateral
}

function borrow(address token, uint amount) external {
    uint accountValue = getAccountValue(msg.sender);
    uint borrowLimit = accountValue * maxLTV / 100;  // maxLTV: maximum loan-to-value, in percent

    require(amount <= borrowLimit, "exceeds borrow limit");
    _transferToBorrower(token, msg.sender, amount);  // No check on oracle freshness or volatility
}

With $423 million in “equity,” Eisenberg borrowed against it until the protocol was empty: 116 million USDC and a mix of other tokens, totaling approximately $114 million in real assets. He left behind a worthless long position and Account A’s short, which was eventually liquidated.

Why There Was No Bug to Find

Security auditors reviewing Mango’s code before the attack would not have found a vulnerability. The contracts did exactly what they were designed to do. The getAccountValue function correctly read from the oracle. The borrow function correctly compared amounts to account equity. The oracle correctly reported the market price.

The flaw was economic, not technical: allowing unrealized perpetual profits to serve as borrow collateral, combined with an oracle that had no protection against rapid price movement on thin markets.

The oracle aggregated prices from multiple exchanges but applied no outlier rejection, no rate-of-change limits, and no time-weighted averaging. A sufficiently capitalized actor could move the price on low-liquidity venues and have that artificial price immediately reflected in collateral calculations.

Mango’s MNGO token had roughly $2.1 million in 24-hour volume before the attack. Eisenberg needed about $10 million to move it 24x. The math worked in his favor because the protocol’s position limits were not calibrated to the token’s actual market depth.

The Governance Theater

After taking the funds, Eisenberg submitted a governance proposal. He offered to return $67 million in exchange for Mango covering the bad debt his attack created, and in exchange for the DAO agreeing not to pursue legal action.

The DAO, left with empty treasury accounts and no other options, voted to accept.

Eisenberg transferred $67 million back and kept approximately $47 million. He maintained publicly that the entire sequence—price manipulation, borrowing, governance negotiation—was legitimate arbitrage conducted through proper market mechanisms.

In December 2022, Eisenberg was arrested in Puerto Rico. Federal prosecutors charged him with commodity fraud, commodity manipulation, and wire fraud. He was convicted in April 2024 on all counts.

The case established that manipulating an oracle price to extract funds from a DeFi protocol is fraud under existing U.S. law, regardless of whether the protocol code permitted the action. The argument that “the smart contract allowed it” was not a defense.

The Design Failure

Two decisions created the conditions Eisenberg exploited:

Unrealized PnL as collateral. Unrealized gains on a leveraged perpetual position are not real until the position is closed. Using them as hard collateral means the collateral can evaporate the moment the price reverts—which is precisely what happened with Account A’s short after the attack.

Oracle without circuit breakers. A price that moves 24x in 20 minutes on a token with $2 million daily volume is not a real price discovery event. A TWAP with even a 30-minute window would have dampened the manipulation to near-uselessness. A circuit breaker that paused borrowing when an oracle price moved more than some threshold per hour would have done the same.

The corrected approach for each:

// Only realized PnL counts toward borrowing
mapping(address => uint) deposits;
mapping(address => int) realizedPnL;  // Signed: realized losses must reduce collateral

function getCollateral(address user) public view returns (uint) {
    // Unrealized PnL is tracked separately and excluded from the borrow limit
    int collateral = int(deposits[user]) + realizedPnL[user];
    return collateral > 0 ? uint(collateral) : 0;
}

// Price change rate limiting
uint constant MAX_PRICE_CHANGE_PER_HOUR = 50; // percent
uint lastPrice;
uint lastUpdate;

error PriceChangeExceedsLimit();

function updatePrice(uint newPrice) external {
    // Unsigned subtraction would revert on a price drop, so take the difference explicitly
    uint diff = newPrice > lastPrice ? newPrice - lastPrice : lastPrice - newPrice;
    uint priceChange = lastPrice == 0 ? 0 : diff * 100 / lastPrice;  // First update is always accepted
    uint timeSinceUpdate = block.timestamp - lastUpdate;

    if (timeSinceUpdate < 1 hours && priceChange > MAX_PRICE_CHANGE_PER_HOUR) {
        revert PriceChangeExceedsLimit();
    }

    lastPrice = newPrice;
    lastUpdate = block.timestamp;
}

Position limits based on actual market liquidity would add a third layer: if a token’s 24-hour volume is $2 million, the protocol probably shouldn’t allow a $400 million position denominated in that token.
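As an added illustration (not the page's or Mango's code), the following Python simulation runs a constructed price feed shaped like the spike described above through the two controls just discussed, a 30-minute TWAP for the mark price and a breaker that pauses borrowing on a large hourly move, and compares the resulting account value with the vulnerable design that marks unrealized PnL at spot. The deposit, position size and entry price follow the figures given above; the intermediate feed values and the 50%/hour threshold are constructed for the example.

```python
from typing import List, Tuple

Feed = List[Tuple[int, float]]  # (minute, spot price in USD)

# Constructed oracle feed (not real market data): flat at $0.038, then a
# 20-minute run-up to $0.91 like the move described above.
SPOT_FEED: Feed = [(m, 0.038) for m in range(0, 31)] + [
    (32, 0.09), (34, 0.15), (36, 0.25), (38, 0.40), (40, 0.55),
    (42, 0.70), (44, 0.82), (46, 0.88), (48, 0.91), (50, 0.91),
]

def spot(feed: Feed, now: int) -> float:
    """Latest sample at or before `now`: what a naive oracle reports."""
    return [p for t, p in feed if t <= now][-1]

def twap(feed: Feed, now: int, window: int) -> float:
    """Time-weighted average over (now - window, now]; each sample's price
    is held until the next sample arrives."""
    start, total = now - window, 0.0
    prev_t, prev_p = feed[0]
    for t, p in feed[1:]:
        if t > now:
            break
        if t > start:
            total += prev_p * (t - max(prev_t, start))
        prev_t, prev_p = t, p
    total += prev_p * (now - max(prev_t, start))
    return total / window

def breaker_tripped(feed: Feed, now: int, max_change_pct: float, lookback: int) -> bool:
    """Pause borrowing if the current price differs from any sample in the
    lookback period by more than max_change_pct."""
    current = spot(feed, now)
    return any(abs(current - p) * 100 / p > max_change_pct
               for t, p in feed if now - lookback <= t <= now)

def account_value(deposits: float, size: float, entry: float, mark: float,
                  count_unrealized: bool) -> float:
    """Vulnerable design adds unrealized PnL at `mark`; the hardened design
    counts deposits only (realized PnL taken as zero here)."""
    return deposits + (size * (mark - entry) if count_unrealized else 0.0)

def borrow_capacity(feed: Feed, now: int, hardened: bool) -> Tuple[float, bool]:
    """Account B from the write-up: $5M USDC plus a 483M MNGO long from $0.038.
    Returns (account value, borrowing allowed)."""
    if not hardened:
        return account_value(5e6, 483e6, 0.038, spot(feed, now), True), True
    paused = breaker_tripped(feed, now, max_change_pct=50, lookback=60)
    return account_value(5e6, 483e6, 0.038, twap(feed, now, 30), False), not paused
```

At the peak of the constructed spike the vulnerable design values the account at over $400 million and permits borrowing, while the hardened design reports the $5 million of deposits and has borrowing paused; the 30-minute TWAP alone still sits around a third of the spot price, which is why the breaker matters as a second layer.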

What This Attack Class Looks Like

The Mango exploit was not unique in structure. Price oracle manipulation had been used to drain lending protocols before—Cream Finance, Compound with COMP, Inverse Finance. What made Mango notable was the scale of the manipulation relative to the underlying liquidity, the shamelessness of the public admission, and the governance negotiation that followed.

The pattern repeats because the underlying design tension is real: perpetual futures need mark prices from somewhere, and those prices will always be susceptible to manipulation if the underlying market is thin enough and the protocol’s position limits are set without regard to liquidity.

Protocols that use tokens with low market capitalization or trading volume as primary collateral need oracle designs that account for adversarial conditions, not just normal market behavior.
