Following the July 10 DDOS and CC attacks at OKCoin, the topic of socialized losses and the negative impact they have on trader’s accounts has come to light again. On Friday, OKCoin announced a 55% socialized loss on the futures contract for Litecoin.
“Above all kinds of attacks, the toughest challenge is defending DDoS attacks.”
— Zhou Minghao, Huobi Director of Security
Last year BitVC suffered losses of 47% — and quite a backlash as a result. Generally these incidents occur because of the massive speed and volatility of the price dump. A “system loss” results, caused by high leverage and low liquidity.
It’s important to note liquidations are not market orders. So when the price moves excessively and the DDOS attacks occur, many traders do not have access to the website. Their positions get margin-called as limit orders and it causes severe losses which are exacerbated by a selling stampede.
What Happened
The sequence of events went like this:
- A user opened a large long position.
- When the price goes down, this position will lose money.
- Eventually the position gets margin-called, so the system needs to liquidate the position by placing a short order in the market.
- Usually the closing order is filled in the market and everything is fine. However, in a volatile market where there isn’t a lot of liquidity (due to DDOS and CC attacks, among other reasons), there’s no one to buy at certain prices and the order doesn’t get filled.
- Since this order doesn’t get filled, the long position is still open and will experience a huge loss.
- Since the accounts aren’t liquidated successfully due to no counterparty, the price keeps going down, and the losses pile up, to a point where traders owe more than their trade was worth.
- All the trades together become “the system loss,” including the traders who profit.
- The exchange then has to ask the person who profited to share the loss with everyone else on the settlement day at a certain percentage.
- In this case it turned out to be a 55% loss, leaving even those who profited to be margin-called.
As a result, OKCoin has agreed to partly compensate users who couldn’t access the website during the DDOS attack. This, however, does not cover the 54% share of the socialized losses. The first 1,000 BTC of OKCoin’s compensation comes from their fund of risk provisions. The other 1,000 is coming from the clawback — in other words, the remaining assets in customers accounts after liquidation.
The chart below shows the event that occurred.
Lessons Learned
Cointelegraph spoke with two senior executives at Huobi — Wang Huaiqiang, Senior Operating Director of Trading, and Zhou Minghao, Huobi’s Director of Security — as well as another representative from the international team. We discussed lessons learned from their own problems with socialized losses on BitVC last year, new enhancements they’ve added to BitVC, and their risk-control methodology.
“First, we established a risk reserve system, of which Huobi is the first company in the business to do so.”
— Wang Huaiqiang
Cointelegraph: What did Huobi learn after the incident last year?
Wang Huaiqiang: In terms of BTC futures, BitVC came up with three steps for improvement.
Firstly, an exchange platform should be responsible for its users. According to our analysis, a large amount of system loss is caused by highly leveraged trading and lack of liquidity. Compared to bitcoin, litecoin futures trading has higher risks. Under that circumstance, we adjust the maximum leverage level of bitcoin futures trading season contract from X20 down to X10. Then, because of high price volatility of LTC futures trading, BitVC decided not to provide LTC futures trading service any more. Moreover,BitVC reduced the liquidation risks from 90% to 85% and introduced a leading system of automatic counterparty deleveraging to manage forced liquidations.
First, we established a risk reserve system, of which Huobi is the first company in the business to do so. We put 20% of BitVC’s service fee income into this risk reserve, prioritizing to compensate our users’ loss caused by system losses. There are some other exchange platforms coming up with similar strategies after us.
Second, all the liquidated accounts during that period and the trading status of each order in the market are totally opened to the public.
Third, even though the cause of system loss is the market risks, we would like to cordially return the full amount of each user‘s share of socialized loss in the form of waiving the service fee in the future.
Now, the most leading automatic counterparty deleveraging system created by BitVC has solved the problem of system loss thoroughly.
“While [socialized losses have] succeeded in preventing insolvency during periods of extreme volatility, as it was designed to do, it has also been unpopular with many users. Now we have designed an alternative.”
— Wang Huaiqiang
CT: Does Huobi still use socialized losses? If not, how is BitVC different now?
Wang Huaiqiang: The automatic counterparty deleveraging system has solved the problem. Detailed information about this system is as follows.
In order to offer high-leverage bitcoin futures trading while managing systemic risk, BitVC has used a system of proportionally allocating systemic losses from forced liquidations at contract settlement time. This is commonly referred to as socialized losses. While this system has succeeded in preventing insolvency during periods of extreme volatility, as it was designed to do, it has also been unpopular with many users. Now we have designed an alternative which will eliminate the need for socialized losses.
BitVC introduced a new method of managing forced liquidations — automatic counterparty deleveraging. When a trader's dynamic equity falls to the forced liquidation trigger level, the system automatically closes his position.
However, during periods of extreme market volatility, there may be insufficient counterparty buy or sell orders in the order book, resulting in a failure to complete the forced liquidation at the target price and a negative account balance. Under the socialized loss system, these negative account balances were covered by deducting the cumulative negative amount proportionally from profits at contract settlement time. Under the new system, if a forced liquidation occurs and there are insufficient counterparty orders to close the position, the system will automatically reduce the leverage of open counterparty positions to ensure that the liquidation order can be filled at the target price, thus preventing negative balances.
“A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. It does a lot of damage when the price is volatile.”
— Zhou Minghao
CT: What are the main threats to an exchange and how have you prepared for such incidents?
Zhou Minghao: The biggest threat is a cyber attack. Above all kinds of attacks, the toughest challenge is defending DDoS attacks. A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. It does a lot of damage when the price is volatile. We have deals with the leading technology companies who ward off these types of attacks.
CT: Talk more about your security. Do you use multisig? What percent is in a cold wallet? Why and when did you implement this?
Zhou Minghao: Yes, we use multisignature to reserve most bitcoins. 98% of bitcoins are in cold wallets. By multisig, we could do a double check when authorizing transactions. It is a good practice to avoid single point risk. We make use of the core concept of defense-in-depth to design our system.
Besides multisig wallets, we set up many measures to make our system work securely without integrity of one server or one employee. Most of them have been achieved last year, and they are being improved continuously according to the Deming circle theory.
CT: Can you talk about new features on BitVC and what's different from last year?
Wang Huaiqiang: Besides introducing automatic counterparty deleveraging, BitVC never stops improving the product, aiming to perfect with practical functionalities. The Split account function has helped enhance traders’ ability to control risk and close out large positions easily (see also here). Adding BTC-USD spot trading provided more options for our users (see also here). Enabling transfer between BitVC, Huobi and BitYes offered a much more convenient way of asset management between accounts under Huobi brand (see also here).
CT: Anything else Huobi would like to highlight?
Huobi Representative: Huobi believes that an exchange platform should be responsible and secure for all of its users. We also believe professionalism, security and customer service come before the pursuit of profits, so we urge our customers and potential customers to give us feedback on how we can enhance our product suite. We respect our customers, and their opinions matter most to us. Only by improving the product and having a customer-first attitude can we push the progress of the industry in a positive direction.