Leading Chinese BTC Exchange OKCoin Suffers Large Scale DDOS, CC Attacks

OKCoin’s Chinese platform OKCoin.cn and international platform OKCoin.com recently suffered large scale DDOS and CC attacks.

According to the company, this left users unable to connect to the platforms for a period of time from July 10th.

On Friday afternoon, OKCoin’s Chinese platform was the first to receive large scale DDOS and CC attacks. The intent of DDOS and CC attacks is to exhaust the platform’s server and bandwidth capacity in order to block access to the platform.

The Chinese exchange was apparently somewhat prepared for that attack, according to a statement.

Fortunately, OKCoin had purchased significant resources capable of defending against attacks, and only the Chinese platform’s K-line was unable to load, with all other aspects unaffected.

Later in the day, the attacks on OKCoin’s international platform were of much greater force than earlier.
The company stated how it reacted:

OKCoin’s tech team immediately set in motion the emergency response plan of switching to a highly secure server and enacting counter CC attack measures. These actions ensured that a large number of users were able to continue accessing the site for most of the time. However, as all of the counter DDOS and CC software contains the possibility of killing the program, switching the DNS to a secure server required some time to go into effect. This resulted in some users continuing to be unable to access the platform.

During the time that OKCoin was under attack, the Bitcoin price went through significant volatility.


The international platform was soon accessible again, and transaction volumes returned to normal levels. The K-line for the time period was as follows:

[Image: K-line charts for the period]

OKCoin provided the following answers to questions regarding the attacks and outages.

a. If the emergency response measures were in place against attacks, why were some users still unable to access the platform?

DDOS and CC attacks today are the leading problem faced by internet companies worldwide, and no entity has been able to guarantee users that there will be no issues 100% of the time. When attacked, OKCoin will immediately switch the network over to a highly secure server. However, the DNS switchover takes time to go into effect. CC protection tactics also require some time to begin. This is why some users will be affected and be unable to access the platform.

b. Why not directly put the entire platform on the highly secured servers all of the time?

Thus far, all highly secure server speeds are not up to par. They only ensure that the platform can function normally under periods of attacks. For the reason of suboptimal speeds, most internet companies adopt a process where attack periods notwithstanding, users will access using the BGP route server. When under attack, traffic is routed to highly secured servers until attacks subside and traffic is returned to BGP.

c. Why are there still trades going through during the attack?

First, because different users use different networks, there will be different points at which users are switched over to the highly secure server. Secondly, limit orders placed in advance prior to the attacks are live and executable as normal. Thus, during the attack session, there will be new trades occurring throughout.

d. Is OKCoin intentionally blocking users from accessing the platform in order to manipulate the market?

To start, blocking users from accessing or trading has zero benefits for OKCoin in any sense. At present, OKCoin is the largest digital currency exchange in the world. The value of the entity and the brand of OKCoin is immeasurably more valuable than any gains to be had from manipulating the platform under any logic. OKCoin is like its users, a victim of this attack.

3. How do you rate OKCoin’s technical response to this incident?

While no internet service can 100% guarantee it is immune from the effects of DDOS and CC attacks, we can and must do better. We will increase investment in countering DDOS and CC attacks and improve our network infrastructure.

OKCoin indicated that it is also setting up a 2000 BTC compensation fund for this incident. OKCoin will fund the purchase of 1000 bitcoins, while also using 1000 bitcoins from the “clawback and vicious attack insurance fund” to create a 2000 bitcoin incident compensation fund.

For traders who suffered losses as a result of being unable to access OKCoin’s futures platform on July 10th from 17:00 to 17:19, OKCoin said it will carry out proportioned compensation according to each user’s realized losses. Starting Monday, July 13th at 10:00, OKCoin will begin contacting the aforementioned user group. Users may also independently contact OKCoin via the contact info: 4006609037.

OKCoin also noted that compensation will be directly deposited to the affected users’ accounts, but that it is a one time measure and not to be viewed as a precedent.

OKCoin officially concluded with a condemnation:

OKCoin strongly condemns those who aim to manipulate the market through carrying out DDOS attacks. We, as a direct victim of these attacks, vow not to compromise. We will hand over the logged actions related to the attacks to the national police for an investigation of the source of these attacks.