Background and timeline of the incident
On April 21, 2025, at 8:38 AM (+08), according to the latest reports, an exchange discovered abnormal trading activity in its VOXEL-USDT perpetual contract between 8:00 and 8:30 UTC on April 20, 2025. According to Cointelegraph, the 24-hour trading volume of VOXEL surged to $1.272 billion, surpassing Bitcoin's $465.6 million (data source: ChainCatcher). The price of VOXEL increased by more than 138% in a single day, which is extremely unusual for a relatively low-profile gaming token.
Subsequently, the exchange suspended accounts suspected of participating in market manipulation and announced that they would roll back these accounts within 24 hours, revoking the profits from the related trades. The CEO of the exchange stated in an interview with Cointelegraph that the trades occurred between individual market participants and that the platform itself was not directly involved, assuring that user funds were safe. They also promised to compensate users who suffered losses due to market manipulation, with the compensation plan supported by their $300 million protection fund.
Analysis of the cause of the incident
Is it a smart contract vulnerability?
First, it needs to be clarified that the 'voxel contract vulnerability' mentioned by users seems unrelated to the VOXEL smart contract itself. Searches for information on VOXEL smart contract vulnerabilities (such as Rapid Innovation) did not reveal any known vulnerabilities or security incidents concerning the VOXEL token's smart contract. Instead, the focus of the incident is on the trading system of the exchange platform.
According to reports from Mittrade and Cryptopolitan, the abnormal trading may have been caused by a malfunction of the trading bots on the exchange. Analyst Dylan believes that the bots might have executed trades at prices between $0.125 and $0.138, allowing some users to profit from this loophole, such as earning six-figure profits with just $100. The exchange has not clearly confirmed the specific cause of the malfunction, but its CEO emphasized that the incident is not a platform issue, but rather the behavior of individual traders.
Market manipulation and systemic risk
Another perspective suggests that the abnormal trading may involve market manipulation. For example, ChainCatcher mentioned that some in the community suspect it to be market manipulation. The roll-back measures taken by the relevant exchanges also indicate that they believe some accounts are suspected of manipulation. However, the lack of direct evidence proving whether it was human manipulation or a system flaw leads to some controversy.
In summary, evidence suggests that the incident was mainly caused by a malfunction of the exchange's trading system bots, possibly due to insufficient code logic or risk control mechanisms, rather than vulnerabilities in the VOXEL smart contract itself.
Industry comparison and insights
This incident has similarities to the Hyperliquid-Jelly incident in March 2025. According to Cointelegraph, Hyperliquid delisted related contracts after the price of the JELLY token surged by 400%, highlighting the common risks CEX faces when dealing with abnormal trading. Both incidents remind the industry that the system security and risk management of trading platforms are crucial.
Regarding this phenomenon and the usual recruitment of exchanges, I would like to initiate a topic:
Should recruitment focus more on ability or prioritize academic qualifications?
Research shows that excessive reliance on academic qualifications rather than actual abilities during recruitment may lead to a lack of capability in solving complex technical problems within the team. For example, the recent incident at the exchange may reflect deficiencies in its development and maintenance of the trading system, such as the code logic of trading bots or risk control mechanisms. If recruitment emphasized candidates' actual experience and skills (such as system security, automated trading development experience), it might reduce the occurrence of such problems.
For example, Cobalt also mentioned that the security of smart contracts and trading systems requires a deep technical background and experience, rather than just a simple academic background. Ability should always be the priority.
Conflict between KPI and quality
In the fintech field, KPIs such as trading volume growth, new user acquisition, or system iteration speed often become the focus of management. However, as QuillAudits pointed out, an excessive pursuit of KPIs may sacrifice quality, such as inadequate system testing or weak risk management. This incident may reflect this contradiction. Should we calmly consider and think about whether 'to quickly launch new contracts or increase trading volume, while ignoring system stability, ultimately leading to bot failure, is worth it?' Worth it? Not worth it? I'm not sure, just bringing it up for discussion.
Thank you for reading. I hope we can all achieve the results we desire in this industry.
