Was the major crash on October 11th caused by a targeted attack?

Original Title: "Was the Crash on October 11th Caused by a Targeted Attack?"

Original Author: Master Brother from Australia, Crypto KOL

These past two days, as I was writing posts about liquidations, this question kept lingering in my mind: with such a massive scale of liquidations, who was the biggest beneficiary? How much did they make?

Today, this post by Miss helped me reorganize my thoughts by providing a well-structured timeline.

After chatting with her, I realized that many coincidences stacked together made this crash seem a bit odd, and the more I looked at it, the more it resembled a carefully orchestrated targeted attack. We’ve seen similar attacks before, such as during the LUNA collapse.

-- Targeting systemic risk accumulation, giving a gentle push at the weakest point

YQ’s post is quite long, so I’ll briefly summarize a few details and my own speculations to see what really happened:

There were three triggers for this major crash -- USDe, WBETH, and BnSOL. The latter two used spot prices for their oracles, but for assets with poor liquidity, spot prices are easily manipulated. Binance had already detected the risk and announced it would change the oracles on the 14th (later moved up to the 11th).

The attack happened just before the oracle update, and this vulnerability of the outdated oracle led to a second wave of complete collapse.

Let’s look at how the attack started:

First was USDe. During the attack (5:43 am), there was an instant spot sell-off of up to 60M. The attacker likely accumulated enough chips over a period of time and then dumped them all at once. USDe’s spot liquidity was insufficient to support this, causing the first depeg.

At 5:44, USDe dropped to a low of $0.89. Positions using USDe as collateral rapidly lost value, triggering margin calls.

Because Binance’s unified margin system allows cross-asset collateral, this led to forced liquidations of wBETH and BNSOL positions. With very poor spot liquidity for wBETH and BNSOL (wBETH’s average daily trading depth is only about 2,000 ETH), forced liquidations caused their spot prices to depeg by over 20% in a short time. At this point, Binance’s oracle for collateral value was still using spot prices, causing collateral value to shrink drastically and triggering a massive wave of liquidations.

Then the recursive liquidation loop began (BN crashed due to a traffic surge):

Users employing yield loop strategies (staking ETH/SOL → minting wBETH/BNSOL → borrowing USDT → swapping for USDe) faced full account liquidation. When USDe depegged, the collateralization ratio fell below the 91% threshold, and the system automatically liquidated all assets, further intensifying the sell pressure on wBETH/BNSOL.

Eventually, the depeg peaked: USDe at 0.65, wBETH dropped to $430, BNSOL dropped to $34.90

Why do I suspect a targeted attack:

Coincidence 1: The attack happened just before Binance announced it would fix the oracle vulnerabilities for two key assets (BNSOL and wBETH).

Coincidence 2: During the attack, a massive 60M USDe spot was dumped instantly, with no regard for slippage losses from such a sale, which is highly abnormal.

Frankly, there have been many cases in the last DeFi summer where manipulating oracles triggered chain liquidations for profit. But this time, perhaps because Binance is so massive and there was no flash loan to leverage up, the attacker needed a lot of time and money to prepare.

The attacker’s possible profits, as estimated by Miss, are close to what I speculated in a previous post:

· Potential short profits: $300-400 millions
· Accumulation of assets at bad prices: $400-600 millions
· Cross-exchange arbitrage: $100-200 millions
· Potential total profit: $800 millions - $1.2 billions

Perhaps the biggest attack profit in recent years?

If Binance wanted to, they could probably use KYC to investigate the attacker’s identity (though it’s possible fake identities were used). But morally speaking, the other party didn’t really commit a crime—they just exploited a loophole in the rules and triggered the biggest avalanche in crypto history by tossing a snowball.

Can it be prosecuted? Hard to say

I suggest investigating to see if what I said makes sense. Also, I recommend everyone take a look at Miss’s original post if you have time—the timeline is very well organized, and it includes the withdrawal times of market makers, which explains from another angle why Binance’s spot prices were lower than other exchanges: Binance’s market makers suffered heavy losses in a short time during the disaster and had to withdraw to hedge risk.