dYdX Experiences Targeted Attack
dYdX, a decentralized exchange, has published a post-mortem report detailing a “targeted attack” it faced on its v3 platform in November. The attack resulted in a $9 million loss from its insurance fund, which accounted for about 40% of its total holdings. The report reveals that the identity of the attacker has been discovered, and dYdX is currently communicating with them. Additionally, the platform is exploring potential legal actions against the perpetrator.
How Did the Attack Occur?
The attacker executed numerous 5x leveraged long positions in Yearn Finance’s native token, YFI, across more than 100 wallets. By purchasing YFI tokens using different addresses, the attacker caused the price to surge by 215%. They then reinvested their unrealized profits into additional YFI-USD positions, reaching a maximum value of approximately $50 million. Despite attempts to restrict the attacker’s actions, they failed to close their positions when the price of YFI plummeted by nearly 30% within an hour.
No Customer Funds Affected
dYdX assures its users that no customer funds were impacted by these attacks. The platform has made updates to its v3 trading platform to improve open-interest monitoring and alerting capabilities. Additionally, dYdX’s upcoming v4 chain includes features designed to mitigate risks similar to those encountered in this incident, such as automatically adjusting the initial margin fraction in response to abnormal price movements.
Hot Take: dYdX Takes Action Against Attacker
dYdX has identified the attacker responsible for the targeted attack on its v3 platform and is actively engaging with them. The company is also considering legal measures and assisting law enforcement in their investigation. Although the attack resulted in a significant loss from the insurance fund, no customer funds were affected. dYdX has implemented updates to its trading platform and is developing its v4 chain to enhance security and mitigate similar risks in the future.
By
By
By
By
By