Canada: Postponement Of Long-Awaited Mango Markets Criminal Trial On The Heels Of SBF Guilty Verdict: What's To Come?

The U.S. Attorney's Office for the Southern District of New York (the "US DA") was set to proceed to trial against Avraham Eisenberg on December 4, 2023¹ in relation to a $110 million exploit of the smart contract code for decentralized finance platform ("DeFi"), Mango Markets ("Mango"), which is alleged to have taken place in October 2022 (the "Exploit").² On November 2, 2023, Eisenberg's counsel sought a continuation to adjourn the trial to 2024 on the basis of needing more time to prepare due to the volume of discovery from the prosecution and Eisenberg's recent transfer to a less accessible correctional facility.³ Eisenberg's request for an adjournment landed on the same day as the conviction of Sam Bankman-Fried ("SBF") by a jury in the Southern District of New York. ⁴ The following day, on November 3, 2023, Eisenberg's request for a continuation was granted with his trial now set to begin on April 8, 2024.

The criminal prosecution of Eisenberg highlights the aggressiveness and consistency with which cryptocurrency crimes are being pursued by the US DA, but also the risks that Decentralized Autonomous Organizations ("DAOs") face when there are vulnerabilities and loopholes in their smart contracts. Eisenberg's criminal case also has important implications for the author's litigation in the Cicada 137 LLC v. Medjedovic matter, a leading Canadian case on DeFi attacks, seizure of disputed tokens, and another forum for the oft-cited 'Code is Law' defence.

The Exploit of Mango's Smart Contract

On October 11, 2022, Mango posted on X (formerly Twitter) that a "hacker was able to draft funds from Mango via an oracle price manipulation."⁵ The following day however, Coin Desk reported that a "rogue crypto trader", rather than a hacker, used the platform "exactly as intended" and was able to "drain over $116 million" by capitalizing on a lack of liquidity on the platform to manipulate the price of Mango tokens.⁶ Coin Desk and other sources have described how they believe the trader used $10 million to drain $116 million from Mango's platform based on a loophole or flaw in its smart contract.⁷

Eisenberg quickly identified himself as the trader who conducted the Exploit and on October 15, 2023 he posted on X that his "actions were legal open market actions, using the protocol as designed, even if the development team did not fully anticipate all the consequences of setting parameters the way they are."⁸ Coin Telegraph also reported that Eisenberg submitted a settlement proposal to Mango's governance body, Mango DAO, offering to return tokens from the Expoit in exchange for a number of conditions including a promise that Mango would not pursue criminal charges.⁹ While this proposal was not accepted by Mango's token holders, Mango's principals reportedly submitted a counterproposal for Eisenberg to return $67 million worth of tokens in exchange for allowing Eisenberg to retain $47 million as a 'bug bounty' and a promise not to pursue criminal charges in relation to the Exploit. Eisenberg reportedly accepted these terms and used millions of DAO tokens taken from the Exploit to vote in support of the settlement proposal.¹⁰

Despite the purported settlement, on December 26, 2022, Eisenberg was arrested by the FBI in San Juan, Puerto Rico,¹¹ which was only two weeks after SBF's arrest in the Bahamas.¹² On January 9, 2023, Eisenberg was indicted by the US DA for wire and commodities fraud, as well as market manipulation.¹³ While there are differences between the Exploit charges against Eisenberg and the crimes of which SBF has now been found guilty,¹⁴ the US DA pursued these cases on a similar timeline and with a consistent approach to be "relentless in rooting out corruption" in financial markets,¹⁵ including when such corruption takes place "in the cryptocurrency markets".¹⁶

In addition to criminal proceedings, on January 25, 2023, Mango commenced a civil action against Eisenberg alleging unjust enrichment, fraudulent misrepresentation, and conversion arising from the Exploit.¹⁷ This civil case proceeded despite the purported settlement between Mango and Eisenberg releasing him from all claims. Mango is seeking a declaratory judgment rescinding the settlement and declaring it unenforceable on the basis that DAO token holders agreed to the settlement under duress and were coerced into the agreement. At present, the civil action is stayed pending a determination in the criminal trial, with the stay having been granted after an intervenor motion by the US DA.¹⁸

Implications of the Exploit Trial

It is anticipated that Eisenberg's defence in the criminal trial will be premised on the argument that 'Code is Law' (i.e. Mango's smart contract code allowed for the Exploit and therefore the Exploit was legal). This would be consistent with Eisenberg's assertions that his "actions were legal... even if the development team did not fully anticipate all the consequences".¹⁹ The outcome of such a defence has important implications for DeFi platforms and DAOs in terms of their potential liability and recourse for vulnerabilities in smart contracts. It raises fundamental questions that go directly to the heart of DAO relationships, such as whether an exploit technically permitted by bad smart contract code can be a reasonably expected trade/arbitrage or 'use' as contemplated by token holders? Do those token holders have recourse only against bad actors for this improper use or do they also have recourse against the DAO principals and coders who, arguably, fell below a professional standard in utilizing bad smart contract code that permitted the exploit?

The criminal and civil cases against Eisenberg also highlight issues in the enforceability of settlements reached by DAOs on behalf of token holders. Agreements not to pursue criminal charges are most likely not enforceable. In the Canadian context, prosecutors make independent decisions of whether to pursue criminal charges based on the likelihood of a conviction and other public interest considerations. Prosecutions are not dependent on victims (or DAO token holders) seeking out or supporting the laying of charges. Similarly, agreements to release civil claims can be invalidated as unconscionable where a party agrees to the terms under duress. The outcome of both Eisenberg's criminal and civil matters are likely to affect the prospect of DOAs reaching future settlements with exploiters.

The outcome of the criminal trial, and the currently stayed civil action, against Eisenberg also have significant relevance to other pending civil and criminal cases where similar type exploits of bad DAO smart contracts might result in criminal charges or damages claims, including in Cicada 137 LLC v. Medjedovic (an alleged exploit of the Indexed Finance's smart contract code, as reported by Bloomberg Businessweek).²⁰ The authors will be watching the Eisenberg trial closely to follow how the 'Code is Law' defence plays out in the American criminal context and for other implications related to DeFi platform manipulation prosecution.

Stay tuned for further updates as Eisenberg's criminal trial gets underway.

Footnotes

1. Docket Entry from June 13, 2023 Status Conference, United States v Eisenberg, 1:23-cr-00010, (S.D.N.Y.), online.

2. Press Release Number 23-036: Alleged Perpetrator of $100 Million Crypto Market Manipulation Scheme To Make Initial Appearance In The Southern District of New York, Updated February 2, 2023, US Attorney's South District of New Work, online.; Complaint (Sealed), United States v Eisenberg, 1:23-cr-00010, (S.D.N.Y. Dec 23, 2022) ECF No. 1, online.

3. Letter Motion Seeking Continuation and Memo Endorsement, United States v Avraham Eisenberg, 23 Cr. 10 (AS), November 3, 2023, online.

4. Press Release Number 23-380: Statement of U.S. Attorney Damian Williams On The Conviction Of Samuel Bankman-Fried", Updated November 2, 2023, US Attorney's South District of New Work, online.

5. Mango [@mangomarkets], X (formerly Twitter) Post re: Oracle Price Manipulation, October 11, 2023, online.

6. Shaurya Malwa, "How Market Manipulation Led to a $100M Exploit on Solana DeFi Exchange Mango, October 12, 2022: online.

7. Shaurya Malwa, "How Market Manipulation Led to a $100M Exploit on Solana DeFi Exchange Mango, October 12, 2022: online; Jason Nelson, "Solana DeFi Trading Platform Mango Markets Loses $100M in Hack, October 11, 2022: online.

8. Jesse Coghlan, "Mango Markets exploiter said actions were 'legal', but were they?", October 18, 2022: online.

9. Zhiyuan Sun, "Mango Markets hacker proposes steep settlement", October 12, 2023: online.

10. Prajeet Nair, "Mango Markets Set to Pay 47M Bug Bounty to Hacker", October 15, 2023: online; Jesse Coghlan, "Mango Markets exploiter said actions were 'legal', but were they?", October 18, 2022: online.

11. Press Release Number 23-036: Alleged Perpetrator Of $100 Million Crypto Market Manipulation Scheme To Make Initial Appearance In The Southern District of New York, United States Attorney's Office South District of New York, Updated February 2, 2023: online.

12. Press Release Number 22-386:United States Attorney Announces Charges Against FTX Founder Samuel Bankman-Fried, United States Attorney's Office South District of New York, Updated December 13, 2022: online.

13. Press Release Number 23-036: Alleged Perpetrator Of $100 Million Crypto Market Manipulation Scheme To Make Initial Appearance In The Southern District of New York, United States Attorney's Office South District of New York, Updated February 2, 2023: online.

14. Press Release Number 23-380: Statement of U.S. Attorney Damian Williams On The Conviction of Samuel Bankman-Fried, United States Attorney's Office South District of New York, Updated November 2, 2023: online.

15. Press Release Number 23-380: Statement of U.S. Attorney Damian Williams On The Conviction of Samuel Bankman-Fried, United States Attorney's Office South District of New York, Updated November 2, 2023: online.

16. Press Release Number 23-036: Alleged Perpetrator Of $100 Million Crypto Market Manipulation Scheme To Make Initial Appearance In The Southern District of New York, United States Attorney's Office South District of New York, Updated February 2, 2023: online.

17. Complaint, Mango Labs, LLC v Eisenberg, 1 :23-cv-00665, (S.D.N.Y. Jan 25, 2023) ECF No. 1, filed January 1, 2023: online.

18. Order Granting Stay, Mango Labs LLC v Avraham Eisenberg, 23-cv-00665 (LJL), filed October 12, 2023: online.

19. Jesse Coghlan, "Mango Markets exploiter said actions were 'legal', but were they?", October 18, 2022: online.

20. Christopher Beam, "The Math Prodigy Whose Hack Upended DeFi Won't Give Back His Millions," May 19, 2022: online.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.