Hacker Loses 20% in Monero Conversion Amid Market Slippage
2min read On Monday, a suspicious transfer of over 3,520 BTC, valued at approximately $330.7 million, was converted into the privacy coin monero (XMR). Blockchain analyst ZachXBT suggested that this activity was likely linked to a hack, given the coordinated activity observed in the derivatives market.
Monero, known for its ability to obscure the sender's and recipient's addresses, has limited liquidity on exchanges. This makes it challenging for users to transact without affecting the market, exposing them to slippage, where the price changes unfavorably before the deal is finalized. The decision to use Monero, despite its illiquidity, is unusual. More liquid cryptocurrencies like Tether's USDT or Ether (ETH) would have provided an easier and less-slippage-prone way of moving the funds. Additionally, mixers like Tornado Cash could have helped obscure the transaction path. However, stablecoins like USDT are also easier to intercept and freeze.
Trading data indicates that more was at play than just an attempt to launder stolen funds. The possible hacker likely encountered slippage during the transaction. The combined market depth, which measures order book liquidity over a given price range, was relatively low at around $1 million per 2% on both sides of the book. xmr surged by 45% due to the limited liquidity on exchanges, meaning the hacker could have lost as much as 20% — $66 million — by purchasing XMR rather than a more-liquid token.
Examining the derivative markets provides a more complete picture. While Monero was surging, open interest — the number of outstanding futures and options contracts — in XMR on the main centralized exchanges more than doubled to $35.1 million. A 45% rise in XMR's price should have boosted open interest only to $24.2 million instead of the figure it ended up at. Taking into account the $1 million in liquidations, someone, or some people, were already long on XMR to the tune of $11 million.
While the price increase on that holding wouldn't have compensated for the full amount of slippage, it would help soften the blow. Moreover, the figure doesn't take into account any positions that might have existed in decentralized exchanges. It's also important to note that the funds were probably stolen in the first place, so the (assumed) perpetrators are still a couple of million dollars ahead.
This is not the first time bad actors have flooded spot purchases to move the derivative needle. Last month, a trader manipulated JELLY prices on a decentralized exchange. They bought JELLY on illiquid exchanges, tricking the pricing oracle to feed an inaccurate price to the exchange and thus generating profit for holders of long positions.
Both cases draw similarities to the $114 million exploit on Mango Markets in 2022, which involved a trader named Avi Eisenberg manipulating MNGO prices by borrowing assets using ill-gotten gains as collateral. Eisenberg was found guilty by a jury in 2024 and faces 20 years in prison.
