Kraken users were unable to log into the site to manage trades after an apparent large selloff caused Ether (ETH) prices to sink, triggering liquidation of margin positions.
Kraken traders saw losses as a DDoS attack restricted access to the site while a selloff caused the price of Ether to drop.
Site under heavy DDoS. We are working to mitigate the attack. Status updates at: https://t.co/mRoBgqEeJW
— Kraken Exchange (@krakenfx) May 7, 2017
On May 7, 2017, charts indicated that around 3:30 PM (PST), a large sell order effectively tanked the price of Ether on the Kraken exchange. Shortly thereafter, users were unable to log into the website to manage their accounts. Kraken announced its site was under heavy DDoS (Distributed Denial of Service) attacks at 3:57 PM via Twitter. Unable to manage their positions after the selloff, due to the limited bandwidth on the site, many user accounts holding margin positions were forced into liquidation at Kraken's discretion. While users may have been aware of the risk when they entered those margin positions, the fact that they could not manage them during the DDoS has put Kraken under scrutiny. In a letter emailed by Kraken’s support team, the exchange denied any wrongdoing and says the DDoS and selloff’s timing were a coincidence.
An incident report on Kraken's website indicates that at 3:59 PM (PST) on May 7, both the application program interface (API) and website were slow or unresponsive. The same page displayed that two hours later, the issue was resolved, the “website and API functionality are back to normal,” and Kraken is “monitoring closely and conducting a detailed investigation of the event.”
On Twitter, at 7:24 AM today, Kraken announced that it is “working to resolve” functionality of the “funding pages not loading correctly,” to the relief of some users who responded with positive feedback to the exchange's tweet.
For clients seeing the issue with funding pages not loading correctly – we are working to resolve this ASAP. https://t.co/mmP4cVUg4d
— Kraken Exchange (@krakenfx) May 8, 2017
Kraken has not responded to ETHNews’ inquiries regarding this incident, but the letter indicates that the selloff is being treated as a “cascade of liquidations” triggered by a “large, legitimate ETH sell order,” and that the DDoS attack taking place simultaneously was a “coincidental overlap in timing” showing no “evidence of a coordinated attack or market manipulation.”
See the letter in full below:
Eliah (Kraken Support)
May 8, 02:47 PDT
Hi there,
We have completed our investigation in to the May 7th DDoS attack, and the cascading margin liquidations on the ETH/USD order book.
Despite the coincidental overlap in timing of the events, we did not find any evidence of a coordinated attack or market manipulation.
A large, legitimate ETH sell order triggered a cascade of liquidations. The downward momentum of the liquidations was slowed by Kraken’s market price protection system. The trading engine and risk systems functioned as expected.
Once the liquidations had been triggered, they could not be stopped – DDoS or not.
The ongoing DDoS attack at the time of liquidations possibly inhibited inflows of new capital which might have been able to further absorb liquidations where the market price protection system took a pause. The DDoS also broadly reduced availability of the service, which inhibited new orders from being placed on either side of the book. It is conceivable that had the DDoS not overlapped with the liquidations that the bottom would have been lower.
This message will serve to address most of your questions.
But for the DDoS I would not have been liquidated.
- The DDoS did neither cause nor exacerbate liquidations. Once liquidations are triggered, they cannot be stopped. The best that can be hoped for is that liquidity is there to absorb the market orders. Kraken’s market price protection system attempts to protect those being liquidated by pausing at times to allow liquidity to fill in but there is no guarantee that others are willing and able to provide that liquidity.
Kraken should have halted trading while under attack.
- The consequences for traders would have been even worse. Crypto assets trade on many exchanges and shutting down an individual market simply means that participants there cannot react to the changes elsewhere. The ETH/USD market liquidations were not a result of the DDoS attack. Not halting trading allowed for orders to fill in to absorb the liquidations, which otherwise would have found a lower bottom. Exchanges are constantly under attack – some worse than others. Kraken will always strive to maintain market availability throughout an attack.
You should guarantee 100% uptime.
- Unfortunately, this is not realistic at our price point. Even giants like Amazon and Google are not completely immune to DDoS. We have already invested a lot in mitigating attacks and we are constantly improving our defenses. Despite this attack occurring on a Sunday afternoon, our team responded quickly and we were operating normally again within an hour. Traders should not take it for granted that they will have access to Kraken when they need it and are encouraged to take advantage of our advanced order types for extra protection.
Kraken should only liquidate at the “real” price.
- Traders are encouraged to use advanced order types such as stop-loss to set their own exits. Prices on all assets are market-dependent and there is no distinction between “real” and “artificial”. Since all trades on Kraken are made with pre-funded, physical coins, traders set the prices. Spreads between markets are natural and reflect differences in participants, risks, costs. Those who trade on margin need to be aware of the risks of speculative, high volatility markets, flash crashes, stop hunting, whale error, etc. If you simply wish to have leveraged price exposure without trading deliverable assets, you should seek a derivatives market that uses a price index such as the Tradeblock XBX or CME-CF Real Time Index.
Kraken should roll back trades.
- We are very sorry for the unexpected losses many of our clients suffered today but we cannot roll back trades. As the lender, Kraken also took on losses as the result of accounts going negative through liquidations. We go to great lengths to minimize the risk of cascading liquidations, even putting a cap on how much can be borrowed both per account and globally, but our controls will never be perfect. Unfortunately, for an exchange, market integrity is sacrosanct. Traders must be able to rely on legitimate trades being honored. Any losses today are the gains of the trader who took the risk to provide liquidity on the other side.
Kraken should compensate me for my losses.
- Unfortunately, we cannot compensate traders for the outcome of naturally occurring events in the market, nor losses due to unavoidable DDoS attacks.
For further reading on performance guarantees (or lack thereof) see Kraken’s Terms of Service: https://www.kraken.com/en-us/legal
If this message resolved your inquiry or if your inquiry has been resolved in the mean time, there is no need to reply to this ticket.
Best regards,
Eliah,
Kraken Client Engagement
Please note that support is backlogged at the moment. Our ticket numbers increased fivefold over the past weeks and we are doing our best to catch up and resolve the situation. We are sorry for the inconvenience.
Keep your Kraken account secure by following this guide: https://support.kraken.com/hc/en-us/articles/201396837-What-can-I-do-to-make-my-Kraken-account-secure-
Follow the status of Kraken's operations here: https://status.kraken.com/
This massive selloff on virtual currency exchanges is the second of its kind in the last three weeks, with a similar event having taken place on April 19, 2017, as reported by ETHNews.
ETHNews will provide additional coverage as this story develops.