dYdX Discovers Attacker, Explores Legal Action After $9M Loss

dYdX decentralized exchange has successfully discovered from its investigation team the identity of the personality responsible for the targeted attack on its v3 platform that followed on November 17, 2023. The exchange lost $9 million from the insurance fund in this penalized act. After that incident, dYdX took steps to improve the security of its platform and announced its intention to file a complaint against the attacker.

In a post-mortem on the “targeted attack” on the exchange, dYdX confirmed that it is now looking into legal actions against the person responsible. The exchange has enhanced security measures and upgraded its v3 trading platform. This includes making open-interest monitoring and alerts more stringent for improved security.

DYdX declared this to give life to the refined v4 chain and enrich its defense line. The advanced edition included inventive functionalities that cut considerate risks in the preferred attack cases. The v4 chain automatically adjusts the initial margin fraction as a third-layer protection in case of abnormal price changes.

1/ After looking into the YFI incident on dYdX v3, we’ve successfully tracked down the individual responsible & made a report to law enforcement.

This is our in-depth analysis & next steps 🧵https://t.co/JGxebpERYl

— dYdX (@dYdX) January 3, 2024

dYdX Bolsters Defenses to Thwart Future Coordinated Attacks

In dissecting the attacker’s approach, dYdX noted a strategy that involved initiating numerous 5x leveraged long positions with the YFI/USD trading pair. More than 100 wallets were found to contain these positions on the platform. The assailant strategically acquired Spot Yearn. Massive 215% price hikes due to YFI, the finance token used in different addresses. Yearn. The decentralized finance protocol has a native token called YFI.

After, the attacker increased his potential unrealized profit by opening further positions of YFI/USD and raised the total to 50 million USD. In response to imminent danger, dYdX raised margin requirements and restricted YFI/USD trades, thwarting the attacker on November 17.

Later in the day, YFI fell almost 30% within an hour, and the attacker could not close their positions. The value of the holdings owned by the attacker dipped into negative territory and was confirmed by dYdX. Naturally, the insurance fund bailed in as a result.

In a disclosure emphasizing a prior incident, dYdX stated that about a week before the YFI attack, the same attacker had utilized the same technique on the SUSHI/USD trading pair. This resulted in the individual making approximately $5 million in profits. However, dYdX had raised the initial margin requirement for the SUSHI/USD market by 100% as a precaution, stopping the attacker from further netting.

The attacks had no significant impact on customer funds. Additionally, the exchange observed that the attacker did not appear to have gained profits from gambling on the YFI market. dYdX’s warning of legal action against the individual creates a sense of imminent tension. This looming lawsuit appears to cast a shadow over the cryptocurrency industry. It ensures that security is a topic that won’t go away.

Related Reading | Michael Saylor’s $216M MicroStrategy Stock Plan