dYdX claimed ‘no vulnerabilities,’ was compromised two weeks later
The popular ‘decentralized’ derivatives exchange, dYdX, has announced via its X (formerly Twitter) account that its v3 website was compromised. It has, however, moved to reassure users that this does not affect the current v4.
The dydx.exchange website appears to have been hosted on Squarespace, according to its registration. Almost two weeks ago, several other crypto products, including Compound Finance and Celer Network announced that their frontends had been compromised.
Both of these sites also relied on Squarespace for domain registration services.
When these other products were compromised, the firm took to X to note that “no vulnerabilities or security issues have been detected at this time.”
The other domain used, dydx.trade, appears to be registered on Namecheap instead of Squarespace.
dYdX currently maintains that only the front-end has been compromised, and that “the smart contracts on dYdX v3 are safe.”
Shortly before this compromise was announced, Bloomberg reported that dYdX was in talks to potentially sell its trading platform.
Read more: Compound Finance and Celer Network websites compromised in ‘front-end’ attacks
According to data from CoinMarketCap, ethDYDX, the token for v3 of this project, is down approximately 10% for the day.