- Bitcoin experienced a drop to $3,700 on BitMEX some days ago. The drop was revealed to be caused by two separate botnet attacks.
- BitMEX suffered two botnet attacks on March 13. The first at 02:15 UTC and the second at 12:56 UTC.
On March 12, 2020, the crypto community witnessed one of the worst sudden drops in Bitcoin’s history. The cryptocurrency crashed $1,800 in price and, in less than an hour, was down to $3,660. Although it managed to bounce back to $5,200, the drop caused a great debate in the community and called into question the idea that Bitcoin is a safe haven during a crisis.
There were users in the crypto community who accused BitMEX of causing the crash. In response to these accusations, BitMEX co-founder and CEO Arthur Hayes wrote on his Twitter account:
I know there are questions and concerns following the events from the past 72 hours. We have been listening and my team has been gathering the facts. We will be addressing these questions and concerns transparently and comprehensively over the coming days.
Details about the attacks
The next day, BitMEX CTO Samuel Reed revealed that the exchange fell victim to two botnet attacks at 02:15 UTC and the second at 12:56 UTC. The attacker, according to Reed, had been testing the exchange’s system for some time. On February 15th BitMEX recorded one of these attacks. However, the BitMEX security system managed to repel it.
Reed revealed that the attack that occurred on March 13 was different; the attacker changed his strategy:
The botnet found an endpoint that was consistently, reliably slow. The query they hit did a 400ms reverse sequential scan rather than using the index (Parallel Index Scan / Gather Merge for PG fans), because an ANALYZE hadn’t been automatically run for too long by RDS defaults.
The consequence, as Reed reported, was that the database began to exchange with a 100% link to the CPU. Of this, 99% was put into iowait. The exchange system did not recognize the attack and the database failure occurred.
However, the exchange was able to recognize the second attack and fix the failure. Reed stated that BitMEX is making the necessary corrections to prevent the situation from repeating itself. The BitMEX CTO said that some corrections are already active, but others like the suspension of trading, public facing protocols, among others, will need time to develop. The exchange is expected to publish a detailed technical report in the coming days.
Reed revealed that after advancing the investigations, the exchange returned the money to users affected by the attack. Refunds were made based on the last price recorded by the pair the trader was handling before the attack occurred. Reed gave the following user as an example.
Wow guys, Bitmex actually refunded me after they scammed me during that crash. I now have more respect for @CryptoHayes.
What a ledge. $ETH was trading at $96 & I put a limit order at 120 to short with a stop at 123.
— Ninja (@Ninjascalp) March 15, 2020