The Mango Markets case is the one I bring up when people ask whether on-chain evidence alone is enough to prosecute DeFi exploits. Short answer: it wasn't.
On October 11, 2022, Avraham Eisenberg — self-described "applied game theorist" — exploited the way Mango Markets priced collateral. Mango was a Solana-based lending protocol that relied on an oracle averaging MNGO token prices from three exchanges: FTX, AscendEX, and Serum. All three had shallow order books.
Eisenberg bought MNGO across all three simultaneously, driving the price up by over 1,300% in under 40 minutes. The inflated oracle price made Mango's smart contracts think his collateral was worth far more than it was. He borrowed $110 million against those paper gains and withdrew. No terms of service prohibited this. No human intermediary could have stopped it. The oracle reported what it saw, and the contracts did what they were programmed to do.
How the oracle created the opening
Mango's oracle averaged prices from just three low-liquidity sources. A few million dollars was enough to move all three at once. The chain of dependencies was straightforward: coordinated buys moved the oracle price, the oracle updated on-chain collateral valuations, and the lending contract automatically extended borrowing capacity.
Any oracle aggregating from fewer than five low-liquidity sources should be considered structurally exposed to this exact attack pattern.
The 40-minute timeline
Two wallets, each funded with $5M USDC. At 18:25 EST, Wallet A sold 483 million MNGO perpetual futures at $0.038; Wallet B bought them all — creating offsetting positions controlled by the same actor. Over the next 20 minutes, three more accounts bought MNGO on Mango, AscendEX, and FTX, pushing the price from $0.038 to roughly $0.91.
Wallet B borrowed $110M against the inflated collateral and withdrew. By 18:45, buying stopped. The price collapsed. Other depositors absorbed the losses.
The legal outcome
Eisenberg was charged with commodities fraud, market manipulation, and wire fraud. Convicted in 2024. Then in May 2025, Judge Subramanian vacated everything.
Two reasons. First, wrong venue — Eisenberg traded from Puerto Rico, and the connections to New York were too thin. Second, no false representations — because Mango's contracts were permissionless with no terms of service, the court found there was nobody to defraud and no rules to violate.
Prosecutors have appealed the wire fraud acquittal. Separately, Eisenberg is serving four years for unrelated charges and faces civil suits from the SEC and CFTC.
What this means for investigators
The on-chain evidence in this case is clean. You can reconstruct every trade, every oracle update, every borrowing event with precise timestamps. The technical proof of manipulation is about as strong as it gets.
But that wasn't enough. Venue rules, the regulatory status of the platform, and whether permissionless protocols even have "rules" to break — these legal questions determined the outcome more than the evidence itself.
I think about this case whenever I'm writing up a DeFi investigation. The mechanics matter, but so does mapping your findings onto the legal framework that would actually apply. Technical proof and legal prosecutability are two different things.