Editor's Pick

dYdX Reveals Post-Mortem Findings: Identifies Attacker and Considers Legal Measures

Image Source: Unsplash

Decentralized exchange dYdX has released a post-mortem report detailing the “targeted attack” it experienced on its v3 platform in November. 

The attack resulted in a $9 million loss from its insurance fund, which represented approximately 40% of its total holdings.

In the report, dYdX stated that investigative efforts have successfully uncovered the identity of the attacker and that the company is currently engaged in communication with them. 

Furthermore, the platform is exploring potential legal actions against the perpetrator.

“Thanks to the efforts of our team, partners in the community and forensics contractors, investigative results have uncovered the identity of the attacker and we are in contact with them,” the DEX wrote. 

“dYdX is assisting law enforcement in their investigation of this matter and is assessing all legal options. dYdX is committed to taking any legal action it deems appropriate in these circumstances.”

How Did the Attack Pull the Hack?


According to the findings, the attacker executed a substantial number of 5x leveraged long positions in YFI, the native token of DeFi protocol Yearn Finance, across more than 100 wallets.

By purchasing spot YFI tokens using different addresses, the attacker caused the price to surge by 215%, as revealed by dYdX. 

The attacker then reinvested their unrealized profits into additional YFI-USD positions, reaching a maximum value of approximately $50 million. 

To restrict the attacker’s actions, dYdX increased the YFI-USD market’s initial margin requirement and adjusted the base and incremental position sizes on November 17.

However, on the following day, the price of YFI plummeted by nearly 30% within an hour, and the attacker failed to close their positions. 

As a result, the insurance fund automatically compensated for the losses incurred by the attacker, as explained by dYdX.

The report also mentioned a separate incident a week prior, in which the attacker employed the same strategy but targeted SUSHI instead. 

Although the attacker withdrew approximately $5 million in profits, it did not impact the v3 insurance fund because dYdX had raised the initial margin requirement to 100%, preventing further earnings for the attacker.

dYdX assured its users that no customer funds were affected by these attacks and indicated that the attacker likely did not profit significantly from manipulating the YFI market. 

In response to these orchestrated attacks, dYdX has implemented updates to its v3 trading platform to enhance open-interest monitoring and alerting capabilities.

Furthermore, dYdX mentioned that its upcoming v4 chain has been designed to mitigate risks similar to those encountered in this incident.

The upgraded chain incorporates a new software feature that automatically adjusts the initial margin fraction in response to abnormal price movements.

“The default code of the v4 open-source software (the ”dYdX Chain”) is already designed with these risks in mind in several ways.”

The post dYdX Reveals Post-Mortem Findings: Identifies Attacker and Considers Legal Measures appeared first on Cryptonews.

You May Also Like

Editor's Pick

Source: Ark Invest / Instagram ARK Investment Management, led by prominent investor Cathie Wood, has reduced its holdings in the Grayscale Bitcoin Trust (GBTC)...

Latest News

A super PAC that has overseen much of Ron DeSantis’s presidential operation has fired its CEO less than two weeks after the previous chief...

Latest News

WINDHAM, N.H. — It’s pouring rain Saturday morning as New Hampshire Gov. Chris Sununu (R) arrives at Mary Ann’s diner in Windham, fielding calls...

Stock

Popeyes is expanding its menu beyond chicken sandwiches — and it’s a permanent change this time. The fast-food chain announced Wednesday it’s adding five...

Disclaimer: Incomeinnovatorhub.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2024 incomeinnovatorhub.com