How Avraham Eisenberg Drained $115M from Mango Markets with a $10M Price Pump
On October 11, 2022, Avraham Eisenberg publicly claimed credit for what he called a 'highly profitable trading strategy.' What he actually did was drain Mango Markets - a Solana-based decentralized exchange - of $116 million in under 40 minutes using nothing more than two wallets, roughly $10 million in USDC, and a manipulation of the MNGO token's spot price across three exchanges. No smart contract was hacked. No private key was stolen. The oracle worked exactly as designed. That is precisely what made this so dangerous - and so instructive for every DeFi protocol relying on a price feed for collateral valuation.
What Happened
Mango Markets was a full-featured decentralized exchange on Solana offering spot trading, perpetual futures, and cross-margin lending. Users could deposit assets as collateral and borrow against them, with collateral values determined in real time by Pyth Network and Switchboard oracle feeds.
The native governance token, MNGO, was thinly traded and had low liquidity across all venues. On the night of October 11, the attacker funded two wallets with $5 million USDC each, opened a self-matched perpetual futures position of 483 million MNGO contracts between those two wallets at $0.0382 per contract, and then began aggressively buying spot MNGO on Mango Markets, AscendEX, and FTX. Within minutes the MNGO spot price spiked from $0.038 to as high as $0.91 - a 2,300% increase.
Because Mango Markets used oracle prices to value open positions for collateral purposes, the attacker's long perp position (held by Wallet 2) was suddenly worth over $400 million on paper. He immediately borrowed $116 million in USDC, SOL, BTC, and other liquid assets against that inflated collateral, then withdrew everything. When MNGO inevitably crashed back to $0.02 minutes later, the borrow position was deeply underwater - but the funds were already gone. The protocol's insurance fund and treasury were wiped out.
How Oracle Price Manipulation Works
Most DeFi lending protocols rely on external price oracles to value collateral. The oracle reports a price; the protocol multiplies it by collateral quantity; the result determines how much a user can borrow. This works well when the underlying market is deep and liquid. It fails catastrophically when the oracle's price source can be moved cheaply.
In Mango Markets' case, both Pyth and Switchboard aggregated prices from a small set of exchanges. MNGO was a low-cap governance token with thin order books on every venue. Buying $4 million of spot MNGO across three exchanges was enough to push the reported aggregate price from $0.038 to above $0.15 (some real-time feeds peaked higher). Because the protocol had no TWAP requirement, no circuit breakers, and no sanity cap on collateral price movement, the oracle update was treated as ground truth - and $116 million in real assets were lent against it.
Critically, the oracles themselves did not malfunction. Pyth reported a real weighted average of real trades on real exchanges. The protocol's mistake was trusting a manipulable spot price without any friction or delay.
// VULNERABLE: using raw oracle price with no staleness or volatility check
// An attacker who can move the spot price on thin markets
// can inflate collateral value arbitrarily
pub fn get_collateral_value(
oracle_price: I80F48, // raw price from Pyth/Switchboard
token_amount: I80F48,
_asset_weight: I80F48, // weight is applied but price is unchecked
) -> Result<I80F48> {
// No TWAP, no circuit breaker, no staleness check, no price cap
let collateral_value = oracle_price
.checked_mul(token_amount)
.ok_or(error!(ErrorCode::MathOverflow))?
.checked_mul(_asset_weight)
.ok_or(error!(ErrorCode::MathOverflow))?;
Ok(collateral_value)
}
// Borrow limit is now directly controlled by whoever can move the oracle price.
// On a thinly traded governance token, that attacker cost may be $4M.
// The payout at $116M makes the trade obviously worthwhile.
The Attack - Step by Step
Step 1 - Setup: Attacker funds Wallet A and Wallet B each with $5M USDC sourced from Binance and OTC desks, routed through Solana.
Step 2 - Self-matched futures: Wallet A places a sell order for 483 million MNGO perpetual futures at $0.0382. Wallet B immediately buys all of them. Both sides of the trade belong to the attacker. At open, they net to zero PnL.
Step 3 - Oracle pump: The attacker buys approximately $4M in spot MNGO across Mango Markets, AscendEX, and FTX over roughly 10 minutes. Thin order books absorb the buying pressure and MNGO price spikes to $0.91 on some venues, with oracle aggregates updating to $0.15 and above.
Step 4 - Collateral inflation: Wallet B's long perp position is now worth hundreds of millions in unrealized profit. Mango Markets counts unrealized perp PnL as borrowable collateral.
Step 5 - Drain: Wallet B takes out loans totaling $116M in USDC, SOL, MSOL, BTC, USDT, and other tokens - exhausting every liquidity pool on the platform.
Step 6 - Exit: Funds are withdrawn to external wallets. MNGO spot collapses. Wallet A's short position (the other side of the self-matched trade) profits from the crash, partially offsetting the cost of the pump. Net attacker cost: roughly $10M for a $116M extraction.
Total elapsed time: approximately 40 minutes.
Building Oracle-Resistant Protocols
The Mango Markets attack is a textbook case of what happens when a protocol conflates 'reported price' with 'safe collateral value.' There are several concrete defenses that would have stopped or severely limited this attack.
Time-Weighted Average Price (TWAP): Instead of using the current oracle price, protocols should use a TWAP over a meaningful window - typically 30 minutes to several hours for thin-cap assets. An attacker cannot sustain a 2,300% price pump for 30 minutes without spending far more than any possible extraction. Even a 5-minute TWAP would have cut the inflated collateral value by an order of magnitude.
Collateral price caps and circuit breakers: Protocols should enforce maximum price movement thresholds between consecutive oracle updates. If an asset price moves more than X% in a single epoch, lending against it should pause automatically until volatility normalizes.
Asset-specific risk parameters: Not all collateral carries the same manipulation risk. A governance token for a small protocol is far more manipulable than BTC or SOL. Lending protocols should apply haircuts - or outright exclusions - to low-liquidity tokens, regardless of their oracle-reported price. Mango allowed MNGO perp PnL to serve as first-class collateral with no haircut.
Position size limits relative to market depth: If a single user's position represents a significant fraction of the token's total liquidity, that is a red flag. Protocols can track on-chain position concentration and throttle borrowing against assets where one account holds outsized exposure.
use std::cmp::min;
const MAX_ORACLE_AGE_SLOTS: u64 = 25; // ~10 seconds on Solana
const MAX_PRICE_DEVIATION_BPS: u64 = 1_500; // 15% max move from TWAP
const TWAP_WINDOW_SLOTS: u64 = 4_500; // ~30-minute TWAP window
pub fn get_safe_collateral_value(
oracle_price: I80F48, // current spot price from oracle
twap_price: I80F48, // 30-min TWAP stored on-chain
last_update_slot: u64,
current_slot: u64,
token_amount: I80F48,
asset_weight: I80F48,
low_liquidity_haircut: I80F48, // extra haircut for thin-cap assets
) -> Result<I80F48> {
// 1. Staleness check - reject stale oracle data
let slot_delta = current_slot.saturating_sub(last_update_slot);
require!(slot_delta <= MAX_ORACLE_AGE_SLOTS, ErrorCode::OracleStale);
// 2. Deviation check - if spot has moved more than 15% from TWAP, use TWAP
let deviation = oracle_price
.checked_sub(twap_price)
.ok_or(error!(ErrorCode::MathOverflow))?
.checked_abs()
.ok_or(error!(ErrorCode::MathOverflow))?
.checked_div(twap_price)
.ok_or(error!(ErrorCode::MathOverflow))?;
let max_deviation = I80F48::from_num(MAX_PRICE_DEVIATION_BPS) / I80F48::from_num(10_000u64);
let safe_price = if deviation > max_deviation {
// Price has moved too far from TWAP - fall back to TWAP
// This prevents a short-duration pump from inflating collateral
twap_price
} else {
oracle_price
};
// 3. Apply collateral weight AND low-liquidity haircut
let collateral_value = safe_price
.checked_mul(token_amount)
.ok_or(error!(ErrorCode::MathOverflow))?
.checked_mul(asset_weight)
.ok_or(error!(ErrorCode::MathOverflow))?
.checked_mul(low_liquidity_haircut)
.ok_or(error!(ErrorCode::MathOverflow))?;
Ok(collateral_value)
}
// A 2,300% MNGO price spike would be caught at step 2.
// The TWAP - averaging 30 minutes of ~$0.038 prices - would be used instead.
// Borrowable value against the manipulated position: near zero.
Governance and Economic Attack Surfaces
After the exploit, Eisenberg did something unusual: he negotiated through governance. He proposed a vote on the Mango DAO - if the community agreed to let him keep approximately $47 million as a 'bug bounty,' he would return the remaining $67 million, drop any claims against Mango, and the DAO would agree not to pursue legal action against him.
The DAO voted yes. The funds were returned in part. Then Eisenberg was arrested in Puerto Rico in December 2022, charged by the DOJ, SEC, and CFTC with commodities and securities fraud. His criminal convictions were later overturned on venue grounds by a federal judge in 2025, but the civil regulatory cases continued.
This governance angle is a secondary attack surface that most protocol audits do not cover. Mango's governance allowed any large token holder to propose and pass binding decisions - including decisions about what to do with stolen funds. The attacker used the same governance system as a negotiation lever. Protocols that hold significant treasury assets, control over protocol parameters, or emergency admin powers via governance need to think carefully about quorum thresholds, time locks, and proposal veto rights.
More broadly, the Mango attack demonstrated that economic design vulnerabilities - market depth assumptions, oracle input quality, collateral risk tiering - are attack surfaces just as real as buffer overflows or reentrancy bugs. They just require a Bloomberg terminal instead of a disassembler.
RedPen Takeaway
When RedPen audits DeFi lending or margin protocols on Solana, oracle safety is a first-class review category - not an afterthought. We check whether the protocol uses a TWAP or only spot prices for collateral valuation, how wide the TWAP window is relative to asset liquidity depth, whether stale oracle data is rejected with a hard slot-delta check, whether there are per-asset price deviation circuit breakers that pause lending when volatility spikes, how the protocol risk-tiers collateral by liquidity (thin governance tokens must carry larger haircuts than BTC or SOL), and whether unrealized perpetual PnL can be used as collateral - a pattern that directly enabled the Mango Markets attack. We also review governance architecture for economic attack surfaces: quorum requirements, time locks on treasury proposals, and whether a single large holder can unilaterally pass emergency measures. Oracle manipulation is an economic vulnerability, not a code bug. Catching it requires thinking like an attacker with capital - not just a developer with a disassembler.
Is your protocol's oracle design an attack surface? RedPen audits economic security and price oracle risk in Solana DeFi - before someone else finds it first.
RedPen audits Anchor programs for exactly this class of vulnerability. Get your program reviewed before mainnet.