The decentralized exchange dYdX has recently fallen victim to a targeted attack resulting in significant losses. In this article, we will explore the details of the attack, the impact on dYdX and the broader crypto industry, and the measures taken to prevent future incidents.
On November 17th, dYdX experienced a targeted attack that specifically targeted long positions in Yearn.Finance (YFI) tokens on the exchange. This attack resulted in the liquidation of positions worth nearly $38 million. The attack occurred shortly after YFI had experienced a remarkable surge of over 170%, leading to suspicions of market manipulation.
Following the attack, the dYdX team took swift action to address the situation. They used their v3 insurance fund to cover the losses, amounting to $9 million. The insurance fund was deployed to fill gaps in the liquidation process within the YFI market. Fortunately, no user funds were affected by the attack. The dYdX team is currently working to investigate the event further.
Antonio Juliano, the founder of dYdX, publicly acknowledged the attack and described it as a targeted attack against the exchange. He expressed suspicions that the trading losses incurred by dYdX, along with the significant decline in YFI, were the result of market manipulation. Juliano announced that a comprehensive review of risk parameters would be conducted and necessary modifications would be made to both v3 and the dYdX Chain software.
As a proactive measure to prevent future incidents, dYdX increased margin requirements for “less liquid” markets, including EOS, RUNE, AAVE, and others. This step aims to reduce the vulnerability of these markets to potential attacks and maintain the overall security and integrity of the exchange.
The significant drop in YFI’s market capitalization, resulting from the profitable trade that triggered the attack, has raised suspicions within the community about a potential insider job in the YFI market. Some users have claimed that 50% of the YFI token supply is held in 10 wallets controlled by developers. However, data from Etherscan suggests that some of these holders are crypto exchange wallets rather than developer-controlled addresses. While the investigation is ongoing, it is crucial to refrain from making any definitive conclusions regarding the nature of the attack.
The attack on dYdX is not an isolated incident, but rather part of a rising trend of hacks and scams plaguing the crypto industry. According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023. This marks a significant increase compared to the 30 hacks reported in the same period in 2022. These exploits, hacks, and scams have resulted in approximately $332 million in losses throughout September alone, making it a record-high month for crypto exploits.
In addition to the attack on dYdX, the DeFi platform Raft also suffered a hack, leading to the loss of approximately $3.3 million in Ethereum (ETH). This incident occurred on the same day as dYdX’s attack and further highlights the vulnerability of the crypto industry to security breaches. Earlier in the month, an attacker also drained approximately $114 million in digital assets from the centralized exchange Poloniex.
The targeted attack on dYdX and the subsequent losses highlight the ongoing challenges faced by decentralized exchanges and the broader crypto industry in terms of security and regulation. It is essential for exchanges and platforms to continually reassess and strengthen their security measures to protect user funds and maintain the trust of the community. This incident serves as a reminder of the necessary diligence and caution required in the ever-evolving landscape of decentralized finance.