The price of Bitcoin dropped 26% in a single day last week, its biggest price crash in seven years. Unsurprisingly, traders were looking for answers.
Several pointed the finger at BitMEX, a Bitcoin futures exchange in the Seychelles, which the UK’s financial regulator recently pointed out was an unregulated entity. During the crash, the exchange saw $750 million in Bitcoin liquidated—as traders had their positions wiped out. The exchange then went down for maintenance, and the price of Bitcoin recovered, leading to a lot of questions and long tweethreads by sleuths trying to work out what happened.
BitMEX uses an Insurance Fund to avoid Auto-Deleveraging in traders' positions. The fund is used to aggress unfilled liquidation orders before they are taken over by the auto-deleveraging system.
The fund INCREASED on a day that the system and liquidation engine failed.
Today BitMEX published an explanation of what went wrong. It says that a perfectly timed—and prepared—DDoS attack brought the site to its knees, precisely during the big market crash. And that it wasn’t the first time this attacker had targeted the exchange.
“At 02:16 UTC abotnet began a DDoS attack against the BitMEX platform. We discovered shortly afterward that this botnet had been responsible for a similar, yet unsuccessful, attack a month ago on 15 February,” Arthur Hayes, CEO of BitMEX, wrote in a blog post.
While the attack on BitMEX did not cause the price crash—likely due to the stock market freefalling—it’s likely that it made the price fall further than it would have. “Based on our access logs, we believe the attackers identified their target in February, then waited for the moment their attack would make the most market impact,” Hayes added.
We have identified the root cause of two DDoS attacks at 02:16 UTC and 12:56 UTC, 13 March 2020. For a full account of what happened and how we are responding, please refer to our blog: https://t.co/RS7YtX1xOD
The attackers exploited a messaging tool of the website used to query bits of data. By making this run inefficiently, it prompted BitMEX's database to operate at peak capacity, slamming the brakes on the platform.
AD
AD
BitMEX admitted to misdiagnosing this as a "hardware failure." As a result, a destructive domino effect ensued, ultimately causing the BitMEX outage.
According to BitMEX, 156 accounts erroneously triggered price stops during downtime—of which the exchange refunded 40.297 XBT—BitMEX’s version of Bitcoin—worth, since the price drop, $200,000.
"We have fixed the underlying issue and have been working around the clock to introduce additional detection and response layers," Hayes said.