Are Traders Taking Advantage Before They Even Trade?

Jeff Wilkins

18th September 2019

At IS Risk Analytics, we oversee over 1 Trillion USD in notional volume on a monthly basis. This includes startup brokers, established powerhouses and everything in between.

Within our client books we see all of the tricks malicious “retail traders” use to take advantage of brokers. This includes cross broker arbitrage, malicious Expert Advisors (EAs), spraying the market, spoofing, the list goes on.


One strategy, although not new, which is increasing in frequency across the industry is traders flooding trade servers with orders. Specifically, we have seen an uptick in EAs that spam the server with order and modification requests. Quite often this is coming from an unfunded account, which is obviously working in conjunction with other traders and accounts.


The actual trading platform application can become overloaded when flooded with these requests. The application could be hosted on NASA’s Pleiades Super Computer and traders would still successfully spam the application. This has nothing to do with the hardware and everything to do with the number of orders the trading platform software can handle. For example, we have seen numerous instances of a single account with an EA placing around 250,000-500,000 requests on a server in a 24-hour period.

If left unresolved, the excessive load on the trading platform can lead to a sluggish trading environment for the entire business on that particular platform.

It is worth mentioning this is not always intentionally predatory behaviour as sometimes it is simply an EA spamming that will get modified or shutoff once a conversation is had with the underlying client. Other times, however, this is a direct attack on the platform with the intent of creating latency within the platform environment. This latency is then exploited by the traders in on this scheme.

So how do you protect against this?


Many platforms have preventative measures such as a limitation to the number of orders on an account or group of accounts. This isn’t always enough. We always make sure the platform environment is optimised but in addition we have built numerous alerts over the years that can notify us of this behaviour so that we can mitigate the situation before it becomes a problem and impacts the trading application.

Often this flooding strategy is used against multiple brokers at the exact same time. This is intentional as the malicious traders are scanning to see which brokers are not equipped to handle this and mitigate the problem. If you run a brokerage and this is not on your radar, there is a very good chance this is happening as you are reading this.

It is highly recommended for a broker to thoroughly review these accounts and devise appropriate action for each instance. Numerous factors should be considered including frequency of attempts, style of trading, account value, open positions, actual load created on the platform, EA utilisation, etc. Real-time scanning for this behaviour is an absolute must.

IS Risk Analytics (ISRA) provides world-class technology, risk management solutions, real-time analytics, and comprehensive consulting services to FX brokers of all sizes across the globe. The firm is part of ISAM Capital Markets, which also includes IS Prime, IS Prime Hong Kong and IS Prime Australia PTY Ltd.  For further information, please contact