Original Title: "Was the Crash on October 11 a Result of a Targeted Attack?"
Original Author: Master Brother from Australia, Crypto KOL
For the past few days, while writing a post about liquidations, I've been pondering this question: who are the biggest beneficiaries of such a massive liquidation? How much did they earn?
Today, @yq_acc's post helped me reorganize the logic by providing a well-structured timeline.
After chatting with her, I found that many coincidences combined make this crash seem quite strange, and the more I look at it, the more it resembles a carefully planned targeted attack, similar to what we saw during the LUNA collapse.
-- Targeting systemic risk accumulation, giving a gentle push at the weak points
YQ's post is lengthy, so I'll briefly outline a few details and my own speculations to see what exactly happened:
The trigger for this major crash had three components -- USDe, WBETH, and BnSOL. The latter two used spot prices from oracles, but the spot prices for illiquid assets can be easily manipulated. Binance had already identified the risk and announced it would change the oracle on the 14th (later changed to the 11th).
The attack happened just before the oracle update, and the vulnerability of the oracle not being updated led to a second wave of complete collapse.
Next, let's look at how the attack began:
First was USDe, where a sudden dump of up to 60M in spot occurred during the attack (5:43 AM). The attacker likely had been gradually accumulating enough chips over time and then dumped them all at once. The insufficient liquidity of USDe's spot price led to the first decoupling.
At 5:44, USDe dropped to a low of $0.89, causing the value of positions using USDe as collateral to plummet rapidly, triggering margin calls.
Since Binance's unified margin system allows cross-asset collateral, this led to forced liquidations of wBETH and BnSOL positions. The manipulation of forced liquidations, combined with the poor liquidity of wBETH and BnSOL (with an average daily trading depth of only about 2,000 ETH), caused their spot prices to decouple by over 20% temporarily. At this time, the oracle for collateral value was still using spot prices, leading to a drastic reduction in collateral value and triggering massive liquidations in the market.
Then began a recursive liquidation loop (BN went down due to a sudden traffic explosion):
Users employing yield cycling strategies (staking ETH/SOL → minting wBETH/BnSOL → borrowing USDT → exchanging for USDe) faced total account liquidation. When USDe decoupled, the collateral ratio fell below the 91% threshold, and the system automatically liquidated all assets, further exacerbating the selling pressure on wBETH/BnSOL.
Ultimately reaching the peak of decoupling: USDe at 0.65, wBETH dropped to $430, and BnSOL dropped to $34.90.
Why I suspect it was a targeted attack:
Coincidence 1: The attack occurred just before Binance announced it would fix the oracle vulnerabilities of two key assets (BNSOL and wBETH).
Coincidence 2: During the attack, there was an instantaneous dump of up to 60M USDe, completely disregarding the slippage losses from such a sale, which is very abnormal.
To be frank, cases of attacking oracles to trigger cascading liquidations for profit occurred many times during the last DeFi summer. However, this time, perhaps due to Binance's massive scale and the lack of flash loans to leverage, the attacker needed a significant amount of time and money to prepare.
The potential profit situation for the attacker, as speculated by @yq_acc, is similar to what I mentioned in a previous post:
- Potential short profit: $300-400 million
- Accumulation of poorly priced assets: $400-600 million
- Cross-exchange arbitrage: $100-200 million
- Total potential profit: $800 million - $1.2 billion
Perhaps the largest attack profit in the past few years?
If Binance wanted, they could actually identify the attacker from the KYC investigation conducted in the early morning (though they might have used a fake identity). However, morally speaking, the other party is not necessarily a criminal; they merely exploited a loophole in the rules, triggering the largest avalanche in crypto history by throwing out a snowball.
Can they be convicted? I can't say.
I suggest @cz_binance @heyibinance @binance investigate to see if my claims hold any merit. Additionally, I recommend everyone take a look at YQ's original post when they have time; the timeline is well-organized and includes the withdrawal times of market makers, explaining from another angle why the spot prices on Binance were lower than those on other exchanges, as the market makers on Binance suffered severe losses and had to withdraw for safety in the short time after the disaster.
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
