Code may not always cover every possibility.
A hacker exploited a decentralized exchange using the rules written in the smart contract, making the exchange insolvent while raking in huge profits.
Later, he decided to return some funds to the exchange so the users wouldn’t be affected. However, he kept a large amount, or “bug bounty,” for himself. This was an exploit carried out within the terms of the smart contract while leveraging some of its rules.
“Code is law” is the banner under which some people perform malicious actions by exploiting a loophole or bug in code.
The exploit
Mango Markets (a decentralized crypto exchange on Solana) was exploited for $100+ million “big money” back in October.
The silver lining… It wasn’t a hack.
It was a design flaw in Mango Markets that led to these events.
Two points to remember:
- Mango Markets lets users borrow and withdraw crypto assets based on the value of their assets on the platform.
- It also allows trading futures on the exchange with its native token, MNGO.
Now, this is how it all went down:
- A trader set up a long position (a bet that prices go up and he profits if it’s true) on Mango using futures trading.
- At the same time, the trader bought lots of MNGO tokens from the circulating supply on the exchange, causing the price to surge ~1300% in 20 minutes.
- This made the futures bet come true, creating an instant profit for the trader.
- And, because the exchange allows users to borrow and withdraw money based on the value of their assets, the trader was able to take out over $100 million in cryptocurrency (or all of the funds on Mango Markets).
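The valuation flaw in the steps above, modeled as an added example (this is not Mango Markets' code): a borrow limit tied to the instantaneous price grows as fast as the price does. The windowed average and the divergence check are a common mitigation that the article itself does not mention; the token count, collateral factor, window and price series are all constructed.

```python
from collections import deque


def borrow_limit(tokens, price, collateral_factor):
    """Maximum borrow allowed against `tokens` valued at `price`."""
    return tokens * price * collateral_factor


def simulate(spot_prices, tokens, collateral_factor, window, max_ratio):
    """Compare borrow limits under spot pricing and windowed-average pricing.

    Returns (spot_limits, smoothed_limits, alert_index). alert_index is the
    first sample where spot exceeds max_ratio times the windowed average,
    or None if that never happens.
    """
    recent = deque(maxlen=window)  # sliding window of recent price samples
    spot_limits, smoothed_limits, alert_index = [], [], None
    for i, spot in enumerate(spot_prices):
        recent.append(spot)
        average = sum(recent) / len(recent)
        spot_limits.append(borrow_limit(tokens, spot, collateral_factor))
        smoothed_limits.append(borrow_limit(tokens, average, collateral_factor))
        if alert_index is None and spot > max_ratio * average:
            alert_index = i  # point at which new borrows could be paused
    return spot_limits, smoothed_limits, alert_index


def constructed_prices():
    """Constructed series: 60 flat one-minute samples, then +1300% over 20."""
    return [1.0] * 60 + [1.0 + 13 * i / 20 for i in range(1, 21)]


if __name__ == "__main__":
    spot, smooth, alert = simulate(constructed_prices(), tokens=1000,
                                   collateral_factor=0.5, window=60,
                                   max_ratio=1.5)
    print(f"borrow limit before surge:      {spot[59]:.2f}")
    print(f"after surge, spot pricing:      {spot[-1]:.2f}")
    print(f"after surge, 60-sample average: {smooth[-1]:.2f}")
    print(f"spot/average divergence first flagged at sample {alert}")
```

With spot pricing the limit rises 14-fold over the surge, while the averaged price lets it rise only about 3.3-fold and the divergence is flagged on the first sample of the surge.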
The confession
This guy named Avraham Eisenberg, who runs “highly profitable trading strategies,” is the one who carried out the Mango Markets exploit, resulting in its insolvency.
According to him, he carried out everything within the books, and it was legal. He blamed Mango Markets and its developers for the poor design that allowed him to carry out the trade successfully.
Since the exchange went insolvent, he decided to carry out a “strategic discussion” with MangoDAO. He agreed that he would return some of the funds to the exchange only if they didn’t put him in jail.
Mango users agreed with the proposal, and he did return $67 million to the exchange. However, he kept $40 million: a juicy “bug bounty” for himself.
The arrest (paired with the exploit and confession)
FBI open up…
The FBI saw it as commodities fraud and manipulation (the fun part).
He did the illegal stuff and confessed it on Twitter, and the “highly profitable trading strategies” guy got caught in Puerto Rico. He became the first U.S. resident to face charges for manipulating a DeFi platform (at least, he got something out of it).
Now, this isn’t a question of good conduct or bad conduct.
Plus, this guy ran an awful lot of schemes last year in which he exploited different protocols, and Mango Markets was just one of them.
The only upside of the entire situation was that other decentralized exchanges could fix any such bug if it existed on their platform.
The downsides of “Code is law”
The problem seems to be with the very notion that “code is law.”
Some people believe that code is the actual law because it is unanimous once deployed, and they can exploit it if they stay within the terms of the code.
However, code is basically a series of conditions written by developers. There can be bugs in the code that make it vulnerable.
Code itself cannot be the law because there are different laws in place to protect the people.
Developers should be very strict with their code and fix bugs to protect the platform from bad actors.
The effect on crypto space
As crypto is in its nascent phase, such problems will occur. But it is up to the people to become more responsible.
People who are capable of exploiting such flaws should notify the developers. The developers should reward them for their actions with a “bug bounty,” all while protecting users’ confidence by preventing a potential exploit of the platform.
However, all this is easier said than done.
We’ll see how this plays out as regulations are pushed into the crypto space. There will be an obvious need to create new laws to cater to the needs of new technology.
None of this is financial advice.