by harrumph 2646 days ago
>taking a number from the firm's name

I'm lost as to what is meant here by "number". Are you saying the target firm was randomizing its iceberg order's component order sizes using the same seed? If yes, how could the target firm's usage of that seed be known by the "attacker" here?


The target firm had a number in their name, kinda like a16z or Office365. The attacking quant knew the target was using iceberg orders which split up and randomize parts of large orders. Attacking quant took a guess at an RNG seed by guessing they used the number in the target firm's name, and then somehow fit the resulting random number stream to order chunk sizes, and was able to confirm they used that number as a seed. From then on, using that information, they would identify (I'm assuming probabilistically) when the target firm was executing a large iceberg order, and then front run the remainder of their order.

It sounds ridiculous on its face, but the industry is known for going to extremes, and that sort of problem solving isn't unheard of in other domains (like cryptography for example). I'm way out of my depth with understanding it, and it could be complete bullshit, but it isn't outside the realm of what I've seen proven in the past, which is why I'm hoping someone someday will confirm it.

That... sounds amateurish. Everyone just uses a hardware RNG for random number seeds.
It would be amateurish if it were cryptography for sure. But I would never expect that sort of attack vector as a quant. Most quants are worried about alpha loss, not having your order flow fingerprinted.
Well it's nice for testing to have something repeatable. But still sounds like an urban legend.
Nowadays yes but I suspect this story is from decades ago, before hardware RNGs and good cryptographically secure algorithms were commonplace.
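
Added example, not part of the thread and not any firm's actual code: a self-audit that checks whether randomized child-order sizes can be reproduced from a small set of guessable seeds, comparing a constant-seeded PRNG with the OS CSPRNG. The splitting scheme, size bounds, seed value 16 and candidate range are all constructed assumptions.

```python
import random
import secrets

def chunk_sizes(rng, total, lo=100, hi=900):
    """Split a parent order of `total` units into randomly sized child orders.
    The scheme itself is hypothetical; the thread does not describe one."""
    sizes, remaining = [], total
    while remaining > 0:
        size = min(rng.randint(lo, hi), remaining)
        sizes.append(size)
        remaining -= size
    return sizes

def matching_seeds(observed, total, candidates, lo=100, hi=900):
    """Audit helper: which candidate seeds regenerate `observed` exactly?
    Any hit means the size stream is fully determined by a guessable value."""
    return [s for s in candidates
            if chunk_sizes(random.Random(s), total, lo, hi) == observed]

TOTAL = 20_000               # constructed parent order size
GUESSABLE = range(1_000)     # constructed: small integers someone might pick

# Weak setting: Mersenne Twister seeded with a fixed small constant.
# 16 is a constructed stand-in for "a number from the firm's name".
weak = chunk_sizes(random.Random(16), TOTAL)

# Hardened setting: draw from the OS CSPRNG, which has no reusable seed.
strong = chunk_sizes(secrets.SystemRandom(), TOTAL)

def audit():
    """Return (hits for the weak stream, hits for the hardened stream)."""
    return (matching_seeds(weak, TOTAL, GUESSABLE),
            matching_seeds(strong, TOTAL, GUESSABLE))

if __name__ == "__main__":
    weak_hits, strong_hits = audit()
    print("constant-seeded PRNG reproduced by seeds:", weak_hits)
    print("CSPRNG stream reproduced by seeds:", strong_hits)
```

A fixed seed is still useful for repeatable tests, as one commenter notes; the audit is meant to confirm that no such seed reaches the production code path.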