Avi Eisenberg Sentenced: 52 Months, Overturned Fraud Convictions, and the "Code Is Law" Defense That Half-Worked

Key Facts

• Avraham "Avi" Eisenberg, 29, was sentenced on May 1, 2025 to 52 months (4 years, 4 months) in federal prison at FCI Otisville — not for the $110 million Mango Markets exploit, but for a separate guilty plea to possession of child sexual abuse material discovered on his devices when arrested (CoinDesk / The Block, May 2025)
• On May 23, 2025, U.S. District Judge Arun Subramanian vacated all three of Eisenberg's crypto fraud convictions — commodities fraud, commodities manipulation, and wire fraud — ruling that the government had failed to establish proper venue and that Mango Markets' lack of rules or terms of service meant Eisenberg had made no materially false representation (TRM Labs / The Block, May 2025)
• The wire fraud acquittal rested on a specific finding: Mango Markets had no terms of service, no prohibition against manipulation, and no requirement that loans be repaid — so clicking the "borrow" button did not constitute a false representation, even if Eisenberg never intended to repay the funds (Venable LLP / CoinDesk, 2025)
• The underlying October 2022 exploit saw Eisenberg deposit $5 million in USDC, artificially inflate MNGO's price by more than 1,000% in 20 minutes using self-trading between two accounts, then borrow $110 million against his inflated collateral before the price crashed; he later returned $67 million with the DAO voting to allow him to keep $47 million (The Block / Venable LLP, 2022–2025)
• Prosecutors have appealed the acquittal, arguing Judge Subramanian "ignored critical evidence" and used an "overly narrow reading of the law" — specifically that clicking "borrow" conveys an intent to repay, and that Mango's user guide required maintaining a "Health Ratio above 0%," creating an implicit obligation (DL News / prosecutors' filing, December 2025)
• The commodities fraud and manipulation charges — vacated for venue deficiency rather than acquitted on the merits — may potentially be retried in a different venue if the government chooses to refile, while the wire fraud acquittal is more difficult to overcome on appeal (TRM Labs, June 2025)
• Separate SEC and CFTC civil enforcement actions against Eisenberg were stayed in March 2023 pending the criminal case; their status following the overturned convictions is now subject to resolution of the government's appeal (Cointelegraph, 2025)

Breaking: The Mango Markets case just produced the most legally complex outcome in DeFi prosecution history — a defendant sentenced to more than four years in prison, whose three crypto fraud convictions were simultaneously thrown out, while prosecutors appealed to reinstate them.

Avi Eisenberg is in federal prison. His crypto fraud convictions no longer exist. Both of those things are true at the same time. Understanding how a $110 million DeFi exploit produced that outcome requires understanding three separate proceedings that unfolded in parallel — and what the legal reasoning behind each says about where DeFi enforcement law actually stands.

Signal 1 — The Mango Markets Exploit: What Eisenberg Did and How It Worked

The Mango Markets exploit of October 11, 2022 is the clearest case study in what "exploiting a DeFi protocol" actually means mechanically — and why it sits in contested legal territory between market manipulation, contract violation, and technically permitted protocol use.

Mango Markets was a decentralized exchange built on Solana offering spot trading, perpetual futures, and margin lending against collateral positions. Its native token was MNGO. The platform had no central operator, no customer service team, and — critically — no formal terms of service, no explicit rules against price manipulation, and no stated requirement that margin loans be repaid as long as collateral health ratios were maintained.

Eisenberg's exploit worked in three stages. First, he deposited $5 million in USDC split across two accounts he controlled on Mango Markets. Second, he used those two accounts to trade MNGO Perpetuals against each other — buying from himself at escalating prices — while simultaneously purchasing large quantities of MNGO on external exchanges including AscendEX. This coordinated buying pushed MNGO's price up by more than 1,000% in approximately 20 minutes. Third, with his long MNGO Perpetual position now reflecting the massively inflated price as collateral, he borrowed approximately $110 million in cryptocurrency from Mango Markets' liquidity pools — USDC, SOL, BTC, ETH, and other assets that other users had deposited to earn yield.

He then sold MNGO on external exchanges, crashing the price. His short position gained value. He borrowed again against the short. When the dust settled, he had withdrawn approximately $110 million and left Mango Markets technically insolvent — the deposited assets backing the platform's lending pools had been drained, and the remaining depositors could not withdraw their funds.

Eisenberg publicly acknowledged the exploit on Twitter, calling it "a highly profitable trading strategy" and defending it as "legal open market actions, using the protocol as designed." He subsequently negotiated with the Mango DAO — the protocol's governance body — agreeing to return $67 million while keeping $47 million as what the DAO voted to characterize as a "bug bounty." That governance vote would later become a central piece of evidence in the prosecution's case that Eisenberg knew his actions were criminal and was seeking immunity through a retroactive settlement.

What This Means For You

• For active traders operating in DeFi markets, the Mango exploit architecture — self-trading to inflate collateral value, then borrowing against inflated value from a protocol with no repayment enforcement — remains theoretically replicable on any lending protocol that uses a manipulable price oracle without circuit breakers. The specific vulnerability was not unique to Mango.
• For long-term holders of DeFi tokens, the case established that DeFi protocols without explicit terms of service, anti-manipulation provisions, and repayment requirements face the most difficult path to criminal prosecution of their exploiters. Protocols that have added these provisions since 2022 have stronger legal footing.
• For newcomers, the most useful framing of the Mango exploit is: Eisenberg found a gap between what the protocol's code allowed and what its users expected. The code allowed price-based borrowing with no repayment enforcement. The users expected their deposited funds would be safe. The legal system then had to decide which of those two things — code behavior or user expectation — constitutes the relevant legal reality. The answer is still being litigated.

Signal 2 — The Overturned Convictions: How "Code Is Law" Half-Won in Federal Court

The May 23, 2025 decision by Judge Arun Subramanian vacating all three of Eisenberg's crypto fraud convictions is the most significant legal victory for "code is law" proponents in the history of DeFi criminal prosecution — and it came on two entirely different legal grounds.

The commodities charges (commodities fraud and commodities manipulation) were vacated on venue grounds — not on the merits. The Southern District of New York (SDNY) is one of the most prestigious and powerful federal districts in the country, but it can only prosecute crimes that have "essential conduct elements" occurring within its geographic boundaries. Eisenberg executed every transaction from Puerto Rico. The government argued that a vendor of AscendEX exchange (HD Consulting) had personnel in Manhattan who helped identify the manipulation, and that a Mango Markets user in Poughkeepsie had unsuccessfully tried to withdraw funds.

Judge Subramanian rejected both arguments flatly. A vendor's monitoring activities in Manhattan and a user's failed withdrawal attempt in a different city are not "essential conduct elements" of commodities fraud committed in Puerto Rico. The venue requirement is a constitutional protection, and it wasn't met. The commodities convictions were vacated — but crucially, vacating for venue doesn't mean acquitting on the merits. The government could theoretically refile in a proper venue, such as the District of Puerto Rico.

The wire fraud charge was overturned on both venue grounds AND on the merits — an acquittal that is much harder for the government to overcome. Judge Subramanian's analysis of the wire fraud charge went to the heart of whether Eisenberg had made a materially false statement to Mango Markets. His conclusion: he hadn't. Mango Markets had no terms of service prohibiting manipulation. It had no explicit requirement that borrowers repay loans. It had no statement that collateral had to represent genuine market value. When Eisenberg clicked the "borrow" button on a protocol with no rules, he wasn't making a false representation — he was taking an action that the protocol's code permitted.

The judge's quote is worth understanding precisely: "That word ['borrow'] could have been 'Access Collateral,' 'Utilize Assets,' or anything else for that matter." The protocol used the word "borrow" in its interface. But the word itself doesn't create a legal obligation to repay if the protocol doesn't enforce repayment and never required it as a condition of the transaction.

What This Means For You

• For active traders in DeFi markets, the wire fraud acquittal creates a specific legal gap: exploiting a DeFi protocol's code-level vulnerabilities without making an explicit false statement may not constitute wire fraud if the protocol has no terms prohibiting the behavior. That gap will narrow as protocols add explicit terms and as the CLARITY Act's DeFi provisions take effect.
• For long-term holders of governance tokens in DeFi protocols, the Mango case is a direct argument for protocols to adopt explicit terms of service, anti-manipulation provisions, and on-chain governance rules that create the contractual commitments that Judge Subramanian found were missing. Without those provisions, exploiters face a weaker fraud prosecution.
• For newcomers, the legal distinction between "this was technically permitted by the code" and "this was fraud" is the central unresolved question in DeFi law. Judge Subramanian's decision represents the most authoritative answer yet — and that answer is: if the protocol had no rules, the code's behavior largely defines the legal baseline. The prosecution's appeal will determine whether the Second Circuit agrees.

Signal 3 — The Government's Appeal and What It Means for DeFi Enforcement

Prosecutors filed their appeal of Judge Subramanian's acquittal in December 2025 — and the legal arguments they're making reveal how the government intends to push back against the "code is law" precedent.

The prosecution's core argument is that Judge Subramanian applied an "overly narrow reading of the law" that "would unsettle traditional understandings of fraud." Specifically, prosecutors argue two things. First, that the word "borrow" itself conveys an intent to repay — a plain language argument that clicking a button labeled "borrow" creates an implicit representation of repayment intent that Eisenberg violated. Second, that Mango Markets' user guide explicitly defined borrowing as requiring maintaining a "Health Ratio above 0%" until repaying the loan — creating a contractual obligation that Eisenberg breached.

The tension in those two arguments is real. If the user guide created a repayment obligation, then Judge Subramanian's conclusion that Mango had "no requirement that loans be repaid" was factually incorrect — and the appeal has merit on that specific point. If the user guide's health ratio requirement is merely a technical parameter rather than a promise to repay, the acquittal stands.

The Second Circuit's decision will have implications that extend far beyond Eisenberg. If the appellate court reinstates the wire fraud conviction, it establishes that clicking "borrow" in a DeFi interface creates a legally cognizable promise of repayment regardless of whether the protocol has explicit terms. That precedent would apply to every DeFi exploit involving margin borrowing against manipulated collateral. If the Second Circuit upholds Subramanian's acquittal, it cements the principle that protocols without explicit anti-manipulation terms cannot rely on wire fraud prosecution to deter exploits — forcing them to build protections into governance rather than relying on criminal law.

Eisenberg is serving his 52-month sentence for the CSAM charge regardless of the appeal's outcome. The appeal affects only whether the crypto fraud convictions are reinstated, and whether the government can pursue additional criminal liability once he completes his sentence.

What This Means For You

• For active traders following DeFi legal developments, the Second Circuit appeal is the most important pending crypto enforcement case in the United States — more consequential for DeFi protocol design than any regulatory ruling, because it will define whether "code is law" is a valid legal defense in federal court.
• For long-term holders building or investing in DeFi protocols, the appeal's outcome will determine the required legal architecture for a protocol to have recourse against exploiters. If the wire fraud acquittal stands, protocols need explicit contractual terms creating repayment obligations. If it's overturned, existing interface language may create sufficient implicit obligations.
• For newcomers, the most important practical takeaway from the Eisenberg case is structural: DeFi protocols that don't explicitly prohibit market manipulation and require repayment of loans as a user agreement condition are operating in a legal environment where exploits may be extremely difficult to prosecute. The CLARITY Act's Section 309 DeFi developer safe harbor, and the forthcoming implementing regulations, will be the framework within which these terms are standardized.

How Different Investors Are Reading This

The Eisenberg case is generating three analytically distinct responses — reflecting how differently the crypto community, the legal community, and traditional financial regulators read the same set of facts.

DeFi protocol developers and the broader "code is law" community are reading Judge Subramanian's acquittal as the strongest judicial validation their legal theory has ever received. The specific reasoning — that a protocol without explicit rules cannot be defrauded by someone exploiting its code-permitted behaviors — is precisely what protocol-first developers have argued for years. For this community, the acquittal is not a celebration of Eisenberg's conduct but a recognition that DeFi protocol governance, not criminal law, is the appropriate mechanism for preventing exploits. The practical response from this community since the 2022 exploit has been the proliferation of price oracle circuit breakers, manipulation-resistant TWAP oracles, and explicit terms of service — exactly the protocol-level defenses the Mango case revealed were missing.

Federal prosecutors and securities law practitioners are reading the outcome as an embarrassing venue failure that obscures the stronger merits case the government had on commodities manipulation. The evidence of manipulation was not disputed — the judge explicitly noted there was "sufficient evidence of a manipulative device" on the commodities charges, but vacated them for venue rather than insufficiency of evidence. The prosecution chose SDNY as the venue because it has the most experienced crypto enforcement team and the most favorable judicial environment — a calculation that backfired when every transaction was shown to have occurred in Puerto Rico. The appeal focuses the government's energy on the wire fraud acquittal, where the user guide evidence gives them a factual hook that the judge may have improperly dismissed.

Institutional investors evaluating DeFi market risk are reading the Eisenberg case as the most detailed public documentation of the legal framework governing DeFi exploit liability. The conclusion from that documentation: protocols that don't explicitly prohibit manipulation and require repayment face criminal enforcement gaps that make prevention through protocol design more reliable than prosecution after the fact. That conclusion has directly informed a wave of institutional DeFi protocol reviews that have added explicit terms of service, anti-manipulation provisions, and on-chain governance rules since 2022.

For those tracking the Eisenberg appeal, the Second Circuit's expected ruling timeline, and the DeFi legal framework implications for protocol design — BYDFi's platform offers integrated news alerts and regulatory tracking tools that support monitoring of the crypto enforcement developments that shape the regulatory environment for decentralized finance.

Disclaimer: This article is for informational purposes only and does not constitute financial, investment, or trading advice. Cryptocurrency markets are highly volatile and unpredictable. Past performance is not indicative of future results. Always conduct your own research and consult a qualified financial advisor before making any investment decisions.

FAQ

What did Avi Eisenberg do to Mango Markets?

On October 11, 2022, Avraham "Avi" Eisenberg executed an exploit on Mango Markets, a Solana-based decentralized exchange, that drained approximately $110 million from the platform's liquidity pools. He deposited $5 million in USDC across two accounts he controlled, then artificially inflated the price of Mango's native MNGO token by more than 1,000% in approximately 20 minutes using coordinated self-trading between his accounts and simultaneous purchases on external exchanges. With his long MNGO Perpetual position reflecting the massively inflated price as collateral, he borrowed approximately $110 million in various cryptocurrencies from Mango's lending pools. He then sold MNGO, crashing the price, and withdrew with the borrowed funds — leaving Mango Markets technically insolvent and depositors unable to withdraw their funds. He subsequently returned $67 million after negotiating with the Mango DAO, which voted to allow him to keep approximately $47 million as a settlement.

Why were Avi Eisenberg's crypto fraud convictions overturned?

U.S. District Judge Arun Subramanian vacated all three of Eisenberg's crypto fraud convictions on May 23, 2025, for two separate reasons. The commodities fraud and commodities manipulation convictions were vacated on venue grounds — the government prosecuted in the Southern District of New York (SDNY), but Eisenberg executed every transaction from Puerto Rico, and neither the exchange vendor's monitoring activities in Manhattan nor a Mango user's failed withdrawal in Poughkeepsie constituted "essential conduct elements" of the offense in SDNY. The wire fraud conviction was overturned on both venue grounds and on the merits — Judge Subramanian found that Mango Markets had no terms of service, no prohibition against manipulation, and no explicit requirement that borrowed funds be repaid. Without those rules, clicking the "borrow" button did not constitute a materially false representation sufficient to support a wire fraud conviction.

What sentence did Avi Eisenberg actually receive?

Eisenberg was sentenced on May 1, 2025 to 52 months — approximately four years and four months — in federal prison at FCI Otisville. That sentence was for a separate guilty plea to possession of child sexual abuse material, discovered when investigators executed a search warrant on his electronic devices at the time of his arrest for the Mango Markets case in December 2022. The sentence includes five years of supervised release after incarceration, with strict conditions including mandatory installation of monitoring software on all electronic devices. Prosecutors had requested a sentence of 78 to 97 months (approximately 6.5 to 8 years). Eisenberg's crypto fraud convictions — which were the subject of the separate trial in April 2024 — were overturned three weeks after his sentencing and are now the subject of a government appeal.

What is the "code is law" argument and how did it apply in the Eisenberg case?

The "code is law" theory holds that any activity on a blockchain protocol is legally permissible as long as it follows the logic set out in the underlying code — that the software's behavior defines the boundaries of acceptable use, not the expectations or intentions of the protocol's users or developers. Eisenberg explicitly advanced this defense, arguing that his Mango Markets exploit was "legal open market actions, using the protocol as designed." The argument partially succeeded: Judge Subramanian's wire fraud acquittal rested on a finding that Mango Markets' code permitted borrowing against collateral without any explicit prohibition on manipulation or repayment requirement, making it legally difficult to characterize Eisenberg's actions as fraudulent misrepresentation. The argument failed at the jury level, where jurors convicted on all three charges — but the judge's post-trial acquittal gave the "code is law" theory its most authoritative judicial endorsement to date. Prosecutors' appeal argues the theory "would unsettle traditional understandings of fraud" and is being reviewed by the Second Circuit.

What happens next in the Eisenberg case?

Multiple proceedings remain active or pending following the May 2025 sentencing and conviction vacatur. First, federal prosecutors appealed the acquittal of the wire fraud charge and the vacatur of the commodities charges in December 2025, arguing Judge Subramanian "ignored critical evidence" and applied an overly narrow legal standard. The Second Circuit's ruling on that appeal will determine whether the crypto fraud convictions are reinstated. Second, the commodities fraud and manipulation charges — vacated for improper venue rather than acquitted on the merits — could theoretically be refiled in a proper venue such as the District of Puerto Rico if the government chooses to pursue that path. Third, separate SEC and CFTC civil enforcement actions against Eisenberg were stayed in March 2023 pending the criminal proceedings; their status is now subject to the outcome of the government's appeal. Eisenberg is currently serving his 52-month sentence for the CSAM charge regardless of how the appeal resolves.