Mango Markets Exploiter Says Aave Could Be Vulnerable To A Similar Attack

Proposed ‘Trading Strategy’ Would Require Hundreds Of Millions In Capital

By: Tarang Khaitan

Avraham Eisenberg, the trader who has claimed responsibility for the recent $116M Mango Markets exploit, has publicly revealed a potential way for highly capitalized entities to exploit the REN market on Aave V2.

According to Eisenberg’s proposed “trading strategy”, an entity would need to supply 100M USDC and borrow $85M worth of REN tokens against it. Then, with a different account, the entity would need to deposit the REN tokens and borrow 50M USDC, which would be used to buy more REN tokens. This process would need to be repeated multiple times.

The threat comes at a time when crypto investors are on edge about the potential for exploits and hacks in the space. Attackers have extracted $718M from DeFi protocols in October alone, making it the worst month on record according to Chainalysis. An exploit of Aave, one of the first and largest DeFi protocols, would further dampen confidence.

Buying tens or hundreds of millions of dollars worth of REN would send its price soaring and allow the entity to borrow more against its deposited REN collateral. In the event of a 10-fold increase in the price of REN, the entity would be able to borrow $500M worth of assets while initially deploying only $100M, potentially netting $400M in profit. Starting with more capital increases the chances of success, according to Eisenberg.

The price of the REN token briefly spiked by 10% after Eisenberg’s tweet.

Hours earlier Eisenberg speculated about the size of a potential bounty from the Aave team if someone could successfully demonstrate the strategy on a testnet.

Eisenberg claimed that at least five funds have reached out to him, but that he has yet to hear from the Aave team.

Mango Exploit

On Oct. 15, Eisenberg publicly admitted that he was involved in the $116M Mango Markets exploit. He claims that he worked with a team, and deems the exploit a “highly profitable trading strategy”. He contends that his actions are legal since he profited from the protocol’s flawed economic design.

A governance proposal passed on Oct. 15 says that the holders of MNGO tokens will not pursue criminal charges or attempt to freeze assets if the agreed-upon tokens are returned. The assets would be used to pay off any bad debt caused by the exploit.

On the same day, Mango Markets confirmed that it had received various crypto assets amounting to $67M. Thus, Eisenberg and company netted themselves a “bounty” of roughly $49M.

Renowned security researcher samczsun is of the opinion that the proposal was a bad-faith negotiation and cannot be considered a bug bounty.

According to polls on a prediction market called Manifold Markets, there’s a 12% chance of Eisenberg attempting his strategy on Aave, with an 11% chance of Eisenberg actually pulling it off.