One uncopied file. $440 million in 45 minutes.

A market maker's deployment script skipped one of eight servers. That server still had eight-year-old test code sitting dormant — and a repurposed flag woke it up, sending a flood of runaway trades that nearly ended the company before lunch.

Knight Capital trading glitch Knight Capital $440 million loss algorithmic trading failure bad deployment cost example
Scroll for the timeline
45min From market open to trading halt
$440M Loss — nearly the firm's entire market cap

What happened, in one table.

Sources are linked inline; this incident is unusually well documented thanks to the SEC's subsequent investigation and public order.

Date August 1, 2012, from market open at 9:30am ET.
What broke A technician deploying new order-routing code forgot to copy it to one of Knight's eight production servers. That server still carried an old, unused test function called "Power Peg," and a flag repurposed by the new code accidentally reactivated it — sending a flood of unintended buy and sell orders into the market.
Scale In roughly 45 minutes, Knight's system sent more than 4 million orders while attempting to process just 212 legitimate customer orders, trading about 397 million shares across roughly 154 stocks and building large, unwanted positions.
Detection and stop Knight's engineers spent nearly 45 minutes diagnosing the erratic trading before shutting the system down — there was no automatic circuit breaker or kill switch that could halt the specific misbehaving process on its own.
Reported cost Knight Capital disclosed a $440 million trading loss — larger than the firm's profits for the prior several years combined. The loss nearly wiped out its market capitalization, forcing an emergency capital raise, and within months Knight was acquired by competitor Getco in a rescue transaction.

No rollback plan, no kill switch.

This is the fastest, most concentrated loss in this list — a reminder that speed of detection matters more than almost anything else in automated systems.

01

Dead code is not harmless code

The Power Peg function had been unused for years but was never removed — a flag repurposed elsewhere in the codebase was enough to wake it. Deprecated code paths carry latent risk for as long as they exist.

02

Partial deployments are worse than no deployment

Seven of eight servers got the correct update; the eighth didn't. A deployment process without automated verification that every node matches the intended state can leave a system in a worse condition than before the change.

03

Detection time is the whole cost here

Every minute the system ran added losses at a rate few other incidents on this list can match — for automated trading, a fast, automatic kill switch is worth more than almost any other single reliability investment.

Knight Capital, answered.

Questions that come up when citing this incident in a deployment-safety or trading-infrastructure case.

Was this a hack or a market manipulation attempt? No — regulators and Knight itself attributed it to an internal deployment error, not any external attack or intentional manipulation.
Did Knight Capital recover? Not independently — the firm survived only through an emergency capital infusion from investors, and was acquired by Getco within months, later becoming part of KCG Holdings.
What changed in the industry afterward? The incident became a widely cited case for the importance of pre-deployment checklists, canary releases, and automatic circuit breakers in any system that can take financial action without human review.
How would this map to the calculator? See the broker-dealer calculator, which models exactly this kind of low-frequency, high-severity trading infrastructure risk with a short MTTR target.

What would 45 minutes of runaway automation cost you?

Model your own trading systems, revenue exposure, and recovery time using the same formula.

Mode

Accent