Was the Great Collapse on October 11th caused by a targeted attack These past few days, when I was writing a post about liquidation, I have been thinking about this question in my mind. Because of such a large-scale liquidation, who is the biggest beneficiary? How much did you earn? Today's post by @ yq_cc helped me reorganize the logic by organizing the timeline very well. After chatting with her, I found that there were indeed many coincidences stacked together, making this collapse somewhat strange. The more I looked at it, the more it seemed like a carefully planned targeted attack, which had also been seen during LUNA's collapse before. --Aim for systematic risk accumulation and gently push at vulnerable areas YQ's post is very long. I will briefly write down a few details and my own speculation to see what happened: ~~~~~~~~~~~~~~~~~~ There are three triggers for this major collapse - USDe WBETH BnSOL, among which the oracle machines for the latter two use spot prices, but it is easy to manipulate the spot prices of targets with poor liquidity. Binance also discovered the risk in advance and announced that it will replace the oracle machines on the 14th (later changed to the 11th). And the attack happened just before the oracle was updated, and the vulnerability of the oracle not being updated brought about a second wave of complete collapse. Next, let's take a look at how the attack started: Firstly, USDe experienced a sudden drop of up to 60M in spot trading during the attack (5.43am), indicating that the attacker had gradually collected enough chips in the past period and then smashed them out with one hand. The spot liquidity of USDe is insufficient to support the first de anchoring. 5.44 points, USDe fell to a low of 0.89, and the value of positions using USDe as collateral rapidly decreased, triggering margin calls. Due to the Binance unified margin system allowing cross asset collateralization, wBETH and BNSOL positions were forced to close out. The manipulation of forced liquidation resulted in a short-term drop of over 20% in the spot prices of wBETH and BNSOL due to poor liquidity (wBETH's daily trading depth is only about 2000 ETH), while Binance's predictive machine for collateral value at this time was still based on spot prices, causing the collateral to shrink significantly and triggering a fierce market sell-off. Then start a recursive clearing cycle (BN crashed due to short-term traffic explosion): Users who adopt a profit cycle strategy (pledging ETH/SOL → casting wBETH/BNSOL → borrowing USDT → exchanging USDe) face full account liquidation. When USDe is unanchored and the collateral ratio falls below the 91% threshold, the system automatically liquidates all assets, further exacerbating the selling pressure on wBETH/BNSOL. Finally reaching the peak of anchor detachment: USDe 0.65 wBETH fell to 430, BNSOL fell to 34.90 Why do I suspect it's a targeted attack Coincidentally, the attack occurred just before the announcement by Binance that two key assets (BNSOL and wBETH) were about to be fixed for oracle vulnerabilities. Coincidentally, during the attack, up to 60M of USDE spot was instantly dumped, completely ignoring the slippage loss of such sales, which is very abnormal. To be honest, there have been many cases during the last DeFi Summer where attacks on oracle machines triggered a chain of liquidation profits. But this time, it may be that Binance's size is too large and there is no Lightning Loan to assist in leveraging, which means that attackers also need a lot of time and money to prepare. The possible profit situation of the ultimate attacker, @ yq_comc's speculation is similar to my previous post: Potential short profit: 300-400 million US dollars Accumulation of non-performing assets: 400-600 million US dollars Cross exchange arbitrage: $100-200 million Potential total profit: 800 million to 1.2 billion US dollars Perhaps the biggest attack profit in the past few years? ~~~~~~~~~~~~~~~~~~~ If Binance wants to, it should be possible to investigate the identity of the early morning attacker through KYC (or it may have used a fake identity). But morally speaking, the other party is not considered a crime, but rather took advantage of a loophole in the rules and triggered the biggest avalanche in the history of encryption by throwing a snowball. Can it be convicted? I can't say for sure I suggest everyone take a look at YQ's original article when they have time. The timeline is well organized and includes MM's retreat time, which explains from another perspective why the spot prices on Binance are lower than others. This is because MM on Binance suffered heavy losses in the short period of time after the disaster and had to withdraw for safety. Welcome more teachers to supplement and criticize. Those who lack logic and only know how to spit are fine