On March 5, Polkadot (DOT) experienced a flash crash at Binance perpetual futures which resulted in the contract trading as low at $0.20. While this could have been an honest fat-finger trading mistake, a number of indicators point to a planned-attack.
While no hard evidence will likely ever emerge, the open interest increase just 24 hours ahead of the event indicates that an attacker could have generated a $8.3 million profit by manipulating Binance’s matching engine.
As shown above, during the 3-minute candle, $20.4 million worth of DOT contracts traded. Although the swift downside move was a 99.5% flash crash, it did not result in cascading liquidations.
Futures contracts liquidations are calculated using the price of spot exchanges. Thus, a flash-crash exclusively on futures prices would not impact most traders. According to Binance:
“The Price Index is a bucket of prices from the major Spot Market Exchanges, weighted by their relative volume.”
As per Binance’s support website, Polkadot coin-margined futures index price is composed of Kraken (DOT/USD), Binance (DOT/USD), Binance (DOT/BTC), OKEx (DOT/BTC) and Huobi’s (DOT/BTC) market.
It is worth noting that this specific contract is coin-margined instead of the more liquid Tether-settled one. Cointelegraph recently analyzed those differences, stating that the Tether-based contract “doesn’t need an active hedge to protect collateral (margin) exposure, thus it’s a better choice for retail traders.”
Data uncovers the planned ‘attack’
For an attacker to set up this trade, the first step would be building a leveraged long position while simultaneously creating short exposure using another account.
To create a flash crash while risking the minimum amount possible, preferably, this event should take place not more than a couple of days ahead of the planned ‘attack’.
As depicted above, DOT/USD perpetual futures open interest grew from 1.92 million DOT to 3.34 million some 30 hours ahead of the flash crash, equivalent to a $47 million increase.
To differentiate the attack from a regular leveraged-long, one should track the long-to-short ratio. To maximize gains from the flash crash, the attacker would have created a substantially higher short leveraged amount, thus impacting the long-to-short ratio.
The data above shows that the average 4.25 ratio favoring longs was severely impacted during the open interest increase. This would confirm the theory of a coordinated attack.
How the trade is executed
By holding a considerably larger net short position when both accounts are combined, the attacker would profit from a flash crash. All this entity needs to initiate the event is to market sell the net long position. This move would trigger a substantial sell order, crashing the futures contract. Meanwhile, the other account, previously net short, would score big.
762,000 DOT contracts traded during the 3-minute flash-crash candle at a $26.73 average price. Considering the change in the long-to-short ratio, the attack most likely created a $30 million long position. Meanwhile, the secondary account held a $10 million net short exposure.
Although far from the 99.5% price crash, this 19% drop from $33 likely generated a $9.5 million gain for the account holding the $10 million short exposure if 5x leverage was in play. On the other hand, the collateral lost for the $30 million long position amounts to $1.2 million is 25x leverage was deployed.
It is important to emphasize that holders of Binance DOT futures contracts were unlikely affected by the flash crash. Therefore, the attackers’ net long account should be holding a negative balance, which the Binance insurance fund will likely cover.
The above calculations are mere speculations based on exchange-provided data. As previously mentioned, it is unlikely that hard evidence of this attack will ever surface.
The views and opinions expressed here are solely those of the author and do not necessarily reflect the views of Cointelegraph. Every investment and trading move involves risk. You should conduct your own research when making a decision.