October has been a record month for crypto criminals, with nearly $720 million lost to anonymous hackers so far, according to Chainalysis.
Generally, blockchain bandits are very careful about hiding their identity, obscuring their movements via bridges, exchanges or privacy tools such as Tornado Cash, which was sanctioned by the US Treasury in August.
But the alleged identity of the man behind one of the month’s larger losses, Tuesday’s >$100 million manipulation of Mango Markets, was revealed by independent investigator Chris Brunet, less than 24 hours after the attack took place.
An article accusing Avraham Eisenberg, a self-described “digital art dealer,” contains screenshots of a Discord conversation in which the account AvrahamEisenberg#5451 discusses the details of the attack, days before it takes place. He’s also shown to have claimed the blockchain address ponzishorter which funded the attack as his own, back in June.
When prompted by another user to disclose the vulnerability, he rejects the idea based on the assumption that the project’s treasury is too small to pay out a generous bug bounty. In fact, following the attack, the hacker used freshly stolen funds to create and vote on a governance proposal that would reward them with a bounty of over half the hacked amount.
Eisenberg’s response to the screenshots, also published in the same article claims he’d been “exploring a number of lending platforms with exposure to low-cap coins,” but doesn’t mention Mango Markets specifically.
This isn’t the first time Eisenberg has been accused of DeFi foul play
An address linked to the ponzishorter account was used in a manipulation of lending protocol Fuse’s liquidation mechanism in April.
And in February, he was accused of embezzling $14 million from Fortress DAO, a project for which he was lead developer. Allegedly, Eisenberg abused the project’s treasury redemption mechanism, meant to redistribute remaining funds to token holders as the DAO closed down operations.
However, he’s not always successful as Kleros founder Clément Lesaege made clear while describing his attempts to exploit the “decentralized arbitration protocol,” via its claims process.
Not content with only blockchain-based disputes, Eisenberg even sued a small town in New York State after falling on ice. He may be an expert market manipulator, but it seems nobody is safe from slippage.
Law enforcement is always playing catch-up
On-chain detective work is often a thankless task. The sheer volume of shady practice related to cryptocurrency, NFTs, and DeFi mean that revelations are often rapidly forgotten.
Nothing stops a scammer from setting up a new blockchain address and Twitter profile, and making a fresh start under a different pseudonym. The technical understanding necessary for law enforcement to take claims seriously can also be a blocker to bringing those responsible to justice, though not always.
In Eisenberg’s case, the relatively simple nature of the slip-ups, especially for someone who is clearly a crypto expert, make it seem that he may subscribe to the popular belief amongst hackers that “code is law.”
But in the face of the on-chain evidence and FTX’s claim to be investigating the Mango Markets case, he, too, may soon get the opportunity to test his beliefs in court.
Edit 10:15 UTC, Oct 16: Since this article’s publication, Eisenberg has contacted Protos to address the allegations regarding Mango Markets and the comments by Kleros founder Clément Lesaege.
Regarding Mango Markets, Eisenberg released a detailed statement via Twitter:
Addressing the comments from Lesaege, Eisenberg, claims:
“In February, Fortress DAO voted for a full redemption of the Treasury and I helped implement that. By the end of March, this redemption was complete and any fort token holders were able to exit for a proportional share of the Treasury.
“Clement Lesaege, ran a 51% attack on his own protocol. He had put millions of dollars into the Unslashed insurance pool, and then when claims were made, he used his substantial PNK holdings to deny millions of dollars of legitimate insurance claims to line his own pocket. I documented this fraud extensively at my Deep Fi Value blog in a post titled, The Kleros Experiment Has Failed.”