There's something that stands out about Monday's suspicious transfer of more than 3,520 BTC ($330.7 million) to privacy coin monero (XMR)

Monero, which obscures the sender's and recipient's addresses to provide an untraceable currency, has limited liquidity on exchanges

On Monday, more than 3,520 BTC (about $330.7 million) were mysteriously moved to privacy coin monero (XMR), probably linked to a hack, according to blockchain sleuth ZachXBT.

This decision to use an illiquid cryptocurrency is interesting. Usually, one would expect to see the funds move in Tether's USDT or ether (ETH) for a less slippage-prone way of moving the funds about and mixers such as Tornado Cash to help obfuscate the transaction path. Of course, stablecoins like USDT are also easier to intercept and freeze.

However, trading data suggests there was more going on than a simple case of someone trying to launder stolen funds.

The possible hacker very likely did encounter slippage during the transaction. Combined market depth, which measures order book liquidity over a given price range, was relatively low at around $1 million per 2% on both sides of the book. As a result of the limited liquidity on exchanges, XRM surged by 45%, which means they could have lost as much as 20% — $66 million — by purchasing XMR rather than a more-liquid token.

For a more complete picture, take a look at derivative markets. While monero was surging, open interest — the number of outstanding futures and options contracts — in XMR on the main centralized exchanges more than doubled to $35.1 million, according to blockchain analytics firm Coinalyze.

A 45% rise in XMR's price should have boosted open interest only to $24.2 million instead of the figure it ended up at. Taking into account the $1 million in liquidations, someone, or some people, were already long on XMR to the tune of $11 million.

While the price increase on that holding wouldn't have compensated for the full amount of slippage, it would help soften the blow. Moreover the figure doesn't take into account any positions that might have existed in decentralized exchanges, and let's not forget the funds were probably stolen in the first place, so the (assumed) perpetrators are still a couple of million dollars ahead.

This is not the first time bad actors have flooded spot purchases to move the derivative needle. Last month a trader manipulated JELLY prices on decentralized exchange HyperLiquid. They bought JELLY on illiquid exchanges, tricking the pricing oracle to feed an inaccurate price to HyperLiquid and thus generating profit for holders of long positions.

Both cases draw similarities to the $114 million exploit on Mango Markets in 2022, which involved a trader named Avi Eisenberg manipulating MNGO prices by borrowing assets using ill-gotten gains as collateral. Eisenberg was found guilty by a jury in 2024 and faces 20 years in prison.