Six days ago, the cryptocurrency market experienced the most destructive liquidation event in its history. While the mechanics of what happened are now known, the reasons remain a mystery – a mystery that could change the way we view the security of cryptocurrency exchanges.
The epicenter of the earthquake
The story begins prosaically: Binance, for unknown reasons, priced three tokens accepted as collateral for leveraged positions – wBETH, BNSOL and the synthetic dollar USDE – using spot prices from its own order books. As long as these books were liquid, the system worked. The problem arose when liquidity suddenly evaporated.
When Bitcoin and other cryptocurrencies began to lose value following news of Trump’s continued trade war with China, the prices of these three tokens on Binance dropped dramatically – to almost zero in the case of two staking derivatives. Importantly, prices remained stable on other exchanges.
The consequences were devastating. Thousands of traders using these tokens as collateral were liquidated, even though their positions were actually safe at market prices. The Ethena protocol was redeeming USDE tokens at $1 value all the time, but it didn’t matter – Binance was only looking at its own distorted prices.
Suspicious liquidation details
This is where the real mystery begins. Just days before the disaster in question, Binance publicly announced that it would change the way it prices wBETH and BNSOL, moving away from its own spot markets “to minimize the risk of depeg.” In other words, the stock market has admitted to structural weakness, and anyone reading this announcement should keep that in mind.
Hypothetically, this opened the door to a coordinated attack. All it would take is for a whale with enough position in the spot market to sell off enough tokens to trigger a depeg and mass liquidations.
But is it really possible? The data suggests yes.
Analyst Benson Sun detected a disturbing pattern: between 9:18 p.m. and 9:20 p.m. UTC, Binance experienced an “abnormal synchronized liquidity drawdown.” The order books were almost completely empty.
According to data from Blockworks Research, bid and ask volume on the BTC/USDT pair disappeared by over 95% in just ten minutes.
Depegs started around 21:40 UTC. Trump’s announcement about potential additional tariffs on China appeared at 20:00 UTC on his Truth Social platform.
Timing too precise
The most intriguing detail? Two accounts on Hyperliquid shorted Bitcoin and Ether just before Trump’s post, making $160 million. Could these same traders simultaneously withdraw liquidity from Binance, imploding the markets they themselves had made illiquid? Was this a strategy to maximize short profits, fueled by a wave of liquidations across the ecosystem?
This is something we will never know without Binance publicly disclosing details about the activities of the largest traders – which will certainly never happen.
IMPORTANT: Gold breaks through USD 4,200 – will Bitcoin follow the bullion?
Attack pattern
However, it is worth remembering one thing: this is not the first such situation in the industry. Since the end of 2020, there have been at least four other documented attacks on manipulation-prone oracles – bZx, Harvest Finance, Compound and Mango Markets.
Did a single perpetrator cause chaos? This may be the wrong question. The situation could have easily been caused by one person. The real question is whether this was intentional.
It doesn’t take an expert to notice that exchange operators (both centralized and decentralized) should treat this event as a potential coordinated attack. Pattern recognition is what allows you to survive in the cryptocurrency industry. This pattern is too clear to continue to ignore.
