dYdX exchange releases post-mortem results of November $9 million attack

[ad_1]

Decentralized exchange dYdX has released a comprehensive report analyzing “targeted attacks” encountered on its v3 platform in November.

The incident resulted in a loss of US$9 million from its insurance fund, accounting for approximately 40% of the total value of the fund.

dYdX reported on January 3 that their investigation has successfully revealed the identity of the attacker and that they are currently communicating with the attacker.

1/ After investigating the YFI incident on dYdX v3, we have successfully tracked down the person responsible and reported it to law enforcement.

Here’s our in-depth analysis and next steps 🧵https://t.co/JGxebpERYl

— dYdX (@dYdX) January 3, 2024

Additionally, the platform is considering various legal measures against the perpetrators of the attack.

“dYdX is assisting law enforcement investigating this matter and is evaluating all legal options. dYdX is committed to taking any legal action it deems appropriate under these circumstances.”

dYdX Team

How is the hack performed?

The investigation revealed that the attackers used more than 100 different wallets to conduct a large number of 5x leveraged long positions in YFI, the native token of the Defi protocol Yearn Finance.

By purchasing YFI tokens from multiple addresses, the attacker increased the price of the token by a massive 215%.

They then reinvested the unrealized profits into more YFI-USD positions, ultimately reaching a total value of approximately $50 million.

In response to this problem, dYdX quickly increased the initial margin requirements and adjusted position sizes in the YFI-USD market on November 17. Despite these efforts, the price of YFI plunged 30% in one hour the next day.

Therefore, as dYdX explains, the insurance fund automatically compensates the attacker for the losses caused.

The report also highlights a related incident that occurred a week ago, where attackers used the same methods, this time targeting the cryptocurrency SUSHI.

Although the attacker successfully withdrew approximately $5 million in profits, this did not affect dYdX v3’s insurance fund as the exchange has increased the initial margin requirement to 100%, thus preventing the attacker from making additional profits.

dYdX assures customers that customer funds remain safe and unaffected by these events. Furthermore, the manipulation tactics used in the YFI market did not result in significant profits for the attackers.

In response to these attacks, dYdX has updated its v3 trading platform to enhance its monitoring and alerting mechanisms for open positions.

In addition, the company emphasized that its upcoming v4 chain is developing features to deal with such risks, including automatically adjusting the initial margin ratio in response to abnormal price movements.