1. Quick breakdown of what happened today on @mangomarkets, the movement of exploited funds and who might be responsible.

4. Tracing the flow of funds 🔁

On October 11, 2022 19:43 the exploiter `yUJw` funded their account with a total $5.5M USDC from @FTX_Official

5. After executing the aforementioned attack, they were able to withdraw roughly $116M of assets.

The $USDC was withdrawn to `41zC`, $USDT to `5C1k`, $MNGO mostly used to launch a sham DAO governance vote and the remaining assets left untouched in the wallet.

6. Following the trail of USDC, we see that 57M lands in a @circlepay wallet `41zC` (confirmed by multiple sources + users of circle).

7. Of the cumulative ~57M going into `41zC` we can hazard a guess that ~27M of those are moved to Circle's main wallet `7VHU` (containing over 3B USDC).

We're still unsure as to whether this is an attempted redemption for fiat, only @circlepay can really shed light here.

9. Why do we think this?

Well as it happens, 30M USDC was redeemed on Ethereum starting at 23:16:35, whilst Solana USDC deposits we saw above to their Circle deposit wallet `2NTz` began at 23:14:54. It was then swapped to DAI via 1inch.

2mins apart, quite the coincidence no?

11. Who is ponzishorter.eth?

A few days prior to this exploit, a certain discord user was discussing details of a potential oracle manipulation exploit proof of concept on the order of 9 figures. Eerily similar.

Massive kudos to @realChrisBrunet for discovering this info.

12. Thanks to inside sources it turns out his real identity is Avraham Eisenberg and he's got quite a coloured history with respect to hacks and crypto exploits.