Kronos Research loses 42 million due to two engineers maliciously altering algorithms
Kronos Research, a Taiwan-based quantitative trading team, suffered a loss of $1.4 million (approximately NT$42 million) in 2020 due to issues with their trading strategies.
The root cause of this significant loss was found to be the deliberate modifications made by two engineers within the company. These engineers had altered the algorithm used for simulating trading environments and predictive analysis, leading to unfavorable investment decisions regarding cryptocurrencies.
Recently, the Taipei District Court issued a verdict on this case, which occurred three years ago. One engineer, surnamed Chen, was sentenced to 1 year and 4 months in prison, along with a fine of NT$240,000. The other engineer, surnamed Xu, received a 10-month sentence and a fine of NT$300,000. However, Xu does have the option to appeal the ruling.
The discontent of the two engineers, who had not received promised bonuses, led them to tamper with the system before leaving the company. Kronos Research, founded in 2018, quickly became one of the world’s top five cryptocurrency quantitative trading teams, achieving a daily average trading volume of $5 billion and a record-high daily trading volume of $23 billion in just a few years. In February 2022, they even posted job openings on the Soft_Job board of PTT, a popular Taiwanese website, offering annual salaries ranging from NT$2.5 million to NT$10 million, along with 47 months of year-end bonuses. It can be said that they were a highly promising team in the field of quantitative trading.
However, in May 2020, their investment strategies started to go awry, resulting in accumulated trading losses of around $1.4 million. Chen was responsible for developing an automated trading system called “Zeus” in collaboration with other employees from September 2018 to May 2020. This system facilitated Kronos Holdings’ cryptocurrency quantitative trading activities in the British Virgin Islands. Xu, on the other hand, was in charge of software development and major system security maintenance from October 2018 to May 2020.
Before leaving the company, both engineers embedded errors in the code of the simulation and predictive analysis programs, as they were dissatisfied with the unpaid bonuses promised by Kronos Research and Kronos Cayman. On May 1-3, 2018, Xu changed a piece of code from “x:x+1” to “x:-x+1”, causing the system to mistakenly identify the “worst combination” as the “best combination” and make erroneous investment decisions. Additionally, on May 9 of the same year, Chen developed a program that altered electromagnetic records and entrusted Xu to execute it. This caused the system to misjudge the cryptocurrency market price trends and execute incorrect trades. To cover up their tampering, the two engineers later deleted these records.
After leaving the company, Chen hacked into the founder’s account to confirm the extent of the losses and access confidential investment strategy data. It was due to this action that Kronos Research discovered the system breach and, upon investigation, traced it back to the engineers who had already left the company.
Both engineers pleaded guilty upon their arrest. However, their defense argued that the alterations they made would only result in the system selecting “suboptimal” investment combinations instead of the “worst combination,” and the system’s default stop-loss mechanism was not triggered.
Nevertheless, the judge ruled that the two engineers had made over 700 errors in the system’s code and deleted the traces of these errors, making it difficult to investigate. Their misuse of technology caused significant damage to the company. Taking into account their admission of guilt and lack of prior convictions, they were convicted of computer misuse and forgery of documents. Chen received a sentence of 1 year and 4 months, along with a fine of NT$240,000, while Xu received a 10-month sentence and a fine of NT$300,000. However, Xu has the right to appeal the ruling.
This case serves as a warning for companies in the technology and cryptocurrency fields. As cryptocurrency trading companies increasingly rely on system algorithms and automation, the risk of internal sabotage also rises. Enterprises should strengthen their internal security measures and maintain open channels of communication with their employees to prevent dissatisfaction from turning into destructive actions.