Market Anomaly: Bear Raid (spot-based)

• 21 Jun 2017 – ETH flash crash on GDAX/Coinbase Pro (spot): A very large market sell triggered stop cascades within seconds; ETH briefly dropped from ~296 USD to near 0.10 USD, then recovered. Intent unclear; exchange statements & press coverage (Business Insider, Fortune).
• 21 Oct 2021 – BTC flash crash on Binance.US (spot): BTC fell to 8,200 USD within a minute and rebounded immediately; the exchange blamed an algorithmic bug. Bear-raid-like impulse without proven malicious intent (CoinDesk / Bloomberg).
• 08 Mar 2018 – Mt. Gox trustee sell-offs: Large spot distributions by the trustee coincided with downward phases; causality/intention debated. Concentrated spot selling correlated with drawdowns (Cointelegraph / Forbes: pro & contra).

Distinction: Derivatives liquidations are not spot evidence; this article concerns CEX spot order books only.

1. Preparation: Identify thin bid depth and fragmentation (off-peak UTC, round numbers / local lows).
2. Aggressive sell burst: A series of marketable sells (Market/IOC/FOK) hits the touch; sell-aggressor share surges, best bid is repeatedly walked down and down-tick runs lengthen.
3. Amplifiers: Bid cancels, spread blowouts, lead/lag behaviour: a core venue falls first and others follow; stops and resting bids are picked off. Without fundamental pressure a rapid reversion often follows.

• Sell-aggressor dominance: Notional-weighted share of aggressive sell trades ≥ P99 in 1/5-minute bins vs 30-day baseline.
• Bid-depth evaporation: Bid/Ask depth ratio (Top-5) ≤ P1; best-bid half-life ≤ P5.
• Spread jump + down-tick runs: Spread blows out (bps) while serial down-ticks push the mid lower.
• VWAP drift vs mid: VWAP ≪ mid (sell-driven, high impact).
• Cross-venue coherence: Lead/lag 0.5–1.0 s: core venue leads, ≥2 venues follow.

• No auction close, 24/7: No closing auction with imbalance controls; off-peak windows are more vulnerable.
• Fees & VIP rebates: Fine-grained maker/taker economics can make aggressive sell sequences economically viable.
• Transparency limits: L2 often insufficient to see full cancel waves; hidden/iceberg orders distort apparent depth.
• Fragmentation: Different tick/lot/queue rules and latencies enable venue-selective attacks.

Surveillance & duties: FINRA Rule 5210 addresses misleading publications/quotations; with SEC Rule 613 (CAT) order life-cycles (Order→Amend→Cancel→Trade) can be robustly attributed. Mechanical safeguards: volatility halts/collars & auctions reduce cascade risk. Result: bear raids are riskier and shorter-lived on regulated venues than on CEX spot.

• MiCA timeline: In force 29 Jun 2023; applicable since 30 Jun 2024 (e.g. ART/EMT) and 30 Dec 2024 (CASP duties). Transitional windows up to 01 Jul 2026 may apply - leading to staggered supervision in 2025/26.
• Surveillance consequence: Intent-agnostic indicators (sell-aggressor, depth ratio, down-tick runs, spread jump, lead/lag) gain relevance in absence of a CAT equivalent.
• Practical benefit: Early warning reduces slippage/stop-outs, improves best-execution evidence and yields MiCA/MAR-ready dossiers.

Baseline: 30-day history, hourly bins (UTC), ±15-minute tolerance per symbol×venue; percentile-based thresholds.

Metrics (selection): Sell-aggressor share, Bid/Ask depth ratio (Top-5), down-tick run length, spread jump (bps), VWAP drift vs mid (bps), OTR, best-bid t½ (ms), cancel rate at bid, lead/lag (1-s bins, ≥3 venues), round-size ratio, Benford distance (L1).

E3 – High (combined strong downward signature)

• Sell-aggressor share ≥ P99 and Bid/Ask depth ratio ≤ P1 and spread jump ≥ P99,
• Best-bid t½ ≤ P1 plus down-tick run length ≥ P99 within ≤ 2 min,
• VWAP drift vs mid ≤ P1 (strongly negative) with OTR ≥ P99,
• Cross-venue coherence: ≥ 3 venues trigger E2/E3 within ≤ 3 s of each other.

E2 – Medium (partial signals)

• Sell-aggressor share ≥ P98 or depth ratio ≤ P5,
• Spread jump ≥ P98 or down-tick run ≥ P98,
• Lead/lag deviation: one venue leads by > 700 ms across ≥ 5 consecutive 1-s bins.

E1 – Low (early warning)

• Rising bid cancel rate with sell-aggressor share ≥ P95,
• BBO changes/s ≥ P95 (flicker accompaniment) without a strong spread jump,
• Round-size clustering (Benford-L1 ≥ P90) in sell prints.

• Event filters (UTC): Listings/relistings, maintenance, macro slots (CPI/FOMC), large on-chain transfers; treat perp-driven cascades only as context.
• Legitimate alternatives: Inventory reductions by large holders, TWAP/POV sell programs, OTC outflows hedged on spot - if reversion is absent and notional path is consistent, that argues against a bear raid.
• Cross-venue check: E3 only when coherent triggers appear on ≥ 3 venues; exclude single-venue glitches.
• Data quality: Discard windows with L2 gaps/errors > 1%; report measures in bps/ms, UTC-stamped with notional documented.

• Execution & Risk: Early bear-raid detection protects stops, avoids unnecessary crossings and reduces slippage; improves limit placement.
• Alpha protection: Exploit reversion windows after artificial sell bursts; reduce turnover costs.
• Best-Execution & Supervision: Sequence dossiers (sell-aggressor, depth ratio, down-tick runs, spread jump, lead/lag) are audit-ready and support MiCA/MAR-compliant reporting.

• Business Insider – Ethereum had a flash crash - here’s what happened (22 Jun 2017).
• Fortune – Coinbase to Pay Back Ethereum Flash Crash Losses (26 Jun 2017).
• Bloomberg – Bitcoin Crashed 87% on Binance’s U.S. Exchange Due to Algo Bug (21 Oct 2021).
• CoinDesk – Bitcoin Price Flash Crash on Binance.US Attributed to Trader Algorithm Bug (21 Oct 2021).
• Cointelegraph – Mt. Gox sell-off reports (08 Mar 2018).
• Forbes – Blaming Mt. Gox... Doesn’t Compute (12 Mar 2018).
• Kaiko – Moving markets: liquidity and large sell orders (29 Aug 2024).
• ESMA – Statement on MiCA Transitional Measures (17 Dec 2024).