Decentralized exchange dYdX exposes details of $9 million attack on its v3 platform
Decentralized exchange dYdX has released a post-mortem report regarding a “targeted attack” on its v3 platform in November, resulting in a $9 million loss in its insurance fund, equivalent to approximately 40% of the total fund. The exchange’s investigation has identified the attacker’s identity, and legal actions are being considered against the perpetrator. dYdX attacker’s […]
Decentralized exchange dYdX has released a post-mortem report regarding a “targeted attack” on its v3 platform in November, resulting in a $9 million loss in its insurance fund, equivalent to approximately 40% of the total fund. The exchange’s investigation has identified the attacker’s identity, and legal actions are being considered against the perpetrator.
dYdX attacker’s strategy and impact
The attacker executed a significant number of 5x leveraged long positions in YFI-USD (Yearn Finance’s native token) across over 100 wallets. By acquiring spot YFI tokens using various addresses, the attacker triggered a 215% surge in the token’s price.
Subsequently, the attacker reinvested their unrealized profits into additional YFI-USD positions, eventually reaching approximately $50 million.
To counteract the attacker’s actions, dYdX adjusted the YFI-USD market’s initial margin requirement while reducing the base and incremental position sizes. However, the attacker persisted, and on November 17, YFI’s price experienced a sudden drop of nearly 30% within an hour.
Despite the plummeting value of their holdings, the attacker failed to close their positions. The exchange’s insurance fund automatically compensated for the losses incurred by the attacker.
In a similar strategy employed a week before the YFI incident, the attacker targeted SUSHI-USD, extracting approximately $5 million in profits.
However, dYdX preemptively increased the initial margin requirement for SUSHI-USD to 100%, thwarting further attempts by the attacker.
Customer funds remain unaffected
dYdX has clarified that no customer funds were impacted by these attacks. Furthermore, it suggested that the attacker did not successfully profit from manipulating the YFI market.
In response to these orchestrated attacks, dYdX has implemented various security enhancements. The exchange has updated its v3 trading platform to include improved open-interest monitoring and alerting mechanisms.
Additionally, the upgraded v4 chain, designed to mitigate risks similar to the November incident, incorporates a new software feature that automatically adjusts the initial margin fraction in response to abnormal price movements.
Future outlook
While dYdX continues to communicate with the attacker and explore potential legal actions, it remains committed to bolstering its security measures to safeguard its users and assets.
The exchange’s proactive approach in enhancing its platform’s security and risk management capabilities is aimed at preventing future exploits.
What's Your Reaction?