17 March 2020 06:22 EDT . 3 min read

BitMEX Explains the Attack to Doubting Customers; Refunds BTC 40

Disclosure: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. By using this website, you agree to our terms and conditions. We may utilise affiliate links within our content, and receive commission.

Major crypto derivatives exchange BitMEX said that the root cause of the DDoS attacks on March 13 has been identified, and more than BTC 40 (USD 211,000) refunded to the affected users.

BitMEX published a blog post authored by its Co-founder and CEO, Arthur Hayes, stating that the exchange experienced two DDoS (denial-of-service) attacks on the day the market went plummeting, with bitcoin diving to the USD 5,000 level, briefly touching the USD 4,000 level, and even moving below USD 4,000 on BitMEX. With a DDoS attack, the hacker floods a website from many different sources in order to disrupt the service and make it unavailable. This is what the exchange says happened, as the attacks delayed or even prevented requests going to and from the platform.

The exchange goes on to explain that they believe that these two attacks are in fact connected to the DDoS attacks it experienced just last month, done by the same actor(s), and that the previous DDoS was used to identify the target so to attack it at the most opportune moment – at “a peak moment of market volatility.” The targeted feature was the Trollbox (a chat box). Once a DDoS was noticed, it was stopped, but both caused “a significant internal queue,” which was cleared manually for the second attack in order to resume system operations.

That said, the platform gives a number of 156 accounts “for which Last Price stops were clearly erroneously triggered on ETHUSD, caused by the unintended late processing of market orders during the first downtime,” and a total of BTC 40.297 was refunded to users “for each stop that triggered erroneously during this period.” There is no mention of any other refunds.

All personal data is safe, assures the platform. While they are working on solutions to prevent a future attack, isolate critical systems, increase automated scalability under load, review the oldest and most vulnerable parts of the system (like the Trollbox), etc., they admit that “no system is immune to disruption via DDoS.”

As a reminder, we reported that in the aftermath of the now notorious March 13 market crash, there have been speculations in the Cryptoverse about what BitMEX’s role during that crash was exactly. The speculations arose after the exchange had halted trading during the storm, claiming that they were experiencing a “hardware issue” at a cloud service provider. Some argued that there was no such issues, while others said that the highly leveraged derivatives trading taking place on the exchange exacerbated losses in the bitcoin price.

In their analysis on the Bitcoin crash, financial technology and data company Digital Assets Data says that at approximately 2:15 UTC, the price of Bitcoin fell below USD 4,000, and this fall was led by BitMEX, until BTC dropped to almost USD 3,600, they told Cryptonews.com. As reported, the exchange temporarily halted trading at the time. BitMEX’s report also gives 2:16 UTC as the time of the first attack. Another exchange to experience outages, says the data company, is Deribit: the first during the sell-off and the second after the recovery started.

“These two exchanges, acting as two of the largest liquidity providers, experienced technical issues which may have likely contributed to the extreme volatility,” writes Digital Assets Data.

They conclude that Coinbase led the subsequent recovery, “with BitMEX lagging far behind the other major exchanges.”

Meanwhile, in February, as Cryptonews.com reported, two other exchanges suffered multiple DDoS attacks: OKEx and Bitfinex.

As for the accusations that this was all orchestrated by the exchange, BitMEX responded that “It would be against our own interests to fabricate downtime.” Nonetheless, they recognized that “the community wants to know more about how liquidations interact with the insurance fund,” promising to share more details about that and the attacks soon.

The exchange, Hayes, as well as their Chief Technology Officer, Samuel Reed, have been tweeting out the explanations of what had happened, but the response so far in the comments seems to be overwhelmingly negative. People are calling the exchange a scam, not believing that they don’t stand behind the incident; people say that centralized exchanges are manipulating the markets and that “Exchanges and Cryptocurrency do not mix”; others are asking for the IP addresses used during the attack to check it themselves or any proof that goes beyond just excuses, many are asking for refunds, some are calling for BitMEX to close, and more.