On the 24th and 25th of July, we experienced two outages that required unexpected maintenance and restarting of the nodes. For the past two days, our developers have been working extremely hard and have been entirely focused only on locating and fixing this issue. As promised, we would like to let our users know the cause of these downtimes.
The first downtime took place at 16:34 UTC, on the 24th of July, and the second downtime took place at 2:26 UTC, on the 25th of July.
Our development team has identified the issue as a vulnerability in one of the API endpoints, which allowed for a potential DoS attack. This endpoint has been temporarily disabled, while the vulnerability got eliminated.
After the second downtime, we started rebooting our servers. However, when the system was back online, there was no cancel only period. Due to this, some stop-loss orders were triggered, which should not have happened. We have already determined customers eligible for reimbursement, and our customer support team will reach out to you.
We want to apologize to our users who put their trust in us and experienced issues due to this unfortunate situation.
We are continuously working on improving our system, and our top priority is the minimization of downtimes. In the last few weeks, we have been focusing solely on that. We have been working on adding two new nodes and new, very experienced system administrators have joined our team. We take each of these incidents very seriously, and our development team does everything it can to prevent these issues from happening again.
We are grateful for your understanding and hope you continue to enjoy trading at Deribit!