On March 5, Polkadot (DOT) experienced a flash crash at Binance perpetual futures which resulted in the contract trading as low at $0.20. While this could have been an honest fat-finger trading mistake, a number of indicators point to a planned-attack.
While no hard evidence will likely ever emerge, the open interest increase just 24 hours ahead of the event indicates that an attacker could have generated a $8.3 million profit by manipulating Binance’s matching engine.
As shown above, during the 3-minute candle, $20.4 million worth of DOT contracts traded. Although the swift downside move was a 99.5% flash crash, it did not result in cascading liquidations.
Futures contracts liquidations are calculated using the price of spot exchanges. Thus, a flash-crash exclusively on futures prices would not impact most traders. According to Binance:
“The Price Index is a bucket of prices from the major Spot Market Exchanges, weighted by their relative volume.”
As per Binance’s support website, Polkadot coin-margined futures index price is composed of Kraken (DOT/USD), Binance (DOT/USD), Binance (DOT/BTC), OKEx (DOT/BTC) and Huobi’s (DOT/BTC) market.
It is worth noting that this specific contract is coin-margined instead of the more liquid Tether-settled one. Cointelegraph recently analyzed those differences, stating that the Tether-based contract “doesn’t need an active hedge to protect collateral (margin) exposure, thus it’s a better choice for retail traders.”
Data uncovers the planned ‘attack’
For an attacker to set up this trade, the first step would be building a leveraged long position while simultaneously creating short exposure using another account.
To create a flash crash while risking the minimum amount possible, preferably, this event should take place not more than a couple of days ahead of the planned ‘attack’.
As depicted above, DOT/USD perpetual futures open interest grew from 1.92 million DOT to 3.34 million some 30 hours ahead of the flash crash, equivalent to a $47 million increase.
To differentiate the attack from a regular leveraged-long, one should track the long-to-short ratio. To maximize gains from the flash crash, the attacker would have created a substantially higher short leveraged amount, thus impacting the long-to-short ratio.
The data above shows that the average 4.25 ratio favoring longs was severely impacted during the open interest increase. This would confirm the theory of a coordinated attack.
How the trade is executed
By holding a considerably larger net short position when both accounts are combined, the attacker would profit from a flash crash. All this entity needs to initiate the event is to market sell the net long position. This move would trigger a substantial sell order, crashing the futures contract. Meanwhile, the other account,…