A popular derivatives trading platform used by options dealers and investment banks was hit with a cyber attack on Tuesday, disrupting trading of derivatives tied to stocks, bonds and currencies.
The Dublin-based ION Markets, the target of the attack, was forced to shut down some of its services temporarily, a decision that impacted some customers’ ability to book and process trades, according to media reports. While the company has confirmed the hack, it has offered few details about the incident.
The hack took place Tuesday, and was first reported late Tuesday night New York time by Twitter account PriapusIQ. In a message to MarketWatch, the owner of the account identified himself as Ryan Paisey, the CEO of PiQ Global, a news aggregation service.
In the tweet, Paisey said that “[b]asically, trading desks will be flying blind as no trades for today are going in on the overnight process.”
His tweet cited a communication from one of ION’s customers warning clients that “overnight processing” of trades would be impacted and that communications from ION should be “quarantined.”
width: 100% !important;
}
Others confirmed that a hack had occurred, and that it appeared to mostly impact operations in Europe.
Euronext, a major European exchange operator, acknowledged that ION had been hacked, and that the hack had impacted some of its clients. However, the exchange operator said it hadn’t been impacted directly, and that it was taking precautions. ION “provides connectivity for a number of Euronext clients.”
“This incident did not impact Euronext. Euronext teams continue to closely monitor the situation and as usual will take any appropriate action to secure fair and orderly markets,” a representative said in a statement emailed to MarketWatch.
On Wednesday, the TradeNews reported that that attack was likely carried out by Lockbit, a Russian-speaking ransomware gang, citing a communication from an affiliate of ION.
LockBit has gained substantial notoriety in recent months following “a multi-year rampage that has impacted hundreds of organizations around the world,” according to a Wired report published in late January.
ION responded to reports of the hack in a statement on its website entitled “Cleared Derivatives Cyber Event” where it confirmed that it had experienced what it described as a “cybersecurity event,” and that this “event” had impacted its business. The company added that it had managed to contain the damage.
“ION Cleared Derivatives, a division of ION Markets, experienced a cybersecurity event commencing on 31 January 2023 that has affected some of its services. The incident is contained to a specific environment, all the affected servers are disconnected, and remediation of services is ongoing. Further updates will be posted when available.”
A comment request sent to ION’s media line wasn’t returned.
The scope of the attack, and the fallout in terms of financial impact and market disruption, remains to be seen.
Bloomberg News reported Wednesday that the hack impacted 42 clients of ION Trading UK. But the fallout wasn’t just limitedsolely to ION customers: rival trade-processing systems had also been impacted due to complications matching off trades routed via ION, according to Bloomberg.
One week ago, a glitch on the New York Stock Exchange caused a handful of stocks to be halted for volatility shortly after the open. The exchange later blamed the incident on a malfunction of its disaster-recovery system, eventually linking it back to a mistake made by an employee with the exchange’s Chicago data center, according to Bloomberg.
