Mango Markets hacker allegedly feigns Curve short attack to exploit Aave

It appears that shorting of CRV tokens was a distraction shot to exploit a sophisticated loophole on DeFi platform Aave.

As described by analysts at Lookonchain on Nov. 22, tokens of decentralized exchange Curve Finance (CRV) appear to have suffered a major short-seller attack. According to Lookonchain, ponzishorter.eth, an address associated with Mango Markets exploiter Avraham Eisenberg, first swapped 40 million USD Coin (USDC) on Nov. 13 into decentralized finance protocol Aave to borrow CRV for selling. 

The act allegedly sent the price of CRV falling from $0.625 to $0.464 during the week. Fast forward to today, blockchain data shows that ponzishorter.eth borrowed a further 30 million CRV ($14.85 million) through two transactions and transferred them to OKEx for selling. The team at Lookonchain hypothesized that the trade was conducted to drive down the token price “so many people who used CRV as collateral will face liquidation.”

In response to the heavy selling activity, a wallet associated with Curve’s founder added 20 million more CRV in collateral. On Aave, the wallet addresses’ health factor was 1.65 at the time of publication, indicating an excess of collateral against borrowed assets.

But as told by blockchain analytics firm Arkham, the trades “may simply be bait,” with Aave being the primary target instead. Arkham claims that Eisenberg built up an over $100 million position on Aave for a sophisticated trading scheme. 

It first involves a distraction short of CRV tokens on Aave, which is illiquid on the platform but also has very low margin requirements, both of which are important factors for the exploit. The ensuing attention would prompt users to buy the dip en mass to defend the price of CRV and, for others, to try to squeeze the short-seller to cover their position for a loss.

However, the real conspiracy appears to be exploiting the possibility that Aave cannot cover Eisenberg’s CRV short positions, as the platform allegedly does not have enough liquidity to buy back more than 20% of the short. This would then favor bets against Aave and the price decline of its native token:

“The real target here was AAVE’s vulnerable looping system, which Avi mentioned last month. Using $40 million to borrow almost $50 million of CRV could leave AAVE with severe bad debt.”

“To liquidate Avi’s position, Aave liquidators will have no way to buy back all the CRV he borrowed. AAVE will have to sell significant amounts of tokens from the safety module to cover this loss,” wrote Arkham. A screenshot of a swap quote provided by the firm shows an 89.8% potential swap impact between USDT and CRV for the estimated $100M position.

At the time of publication, CRV is up 15.47% to $0.5742 in the past 24 hours, while the price of Aave has declined by 6.33% to $53.54 during the same period. On Oct. 11, Eisenberg drained $117 million from the Mango Markets protocol and kept $47 million as bug bounty before returning the rest, calling it a “highly profitable trading strategy.”