Security

DeFi exchange dYdX publishes post-mortem on $9 million November attack

Decentralized exchange dYdX today published a post-mortem on the “targeted attack” on its v3 platform in November that resulted in a loss of $9 million in its insurance fund, which represented around 40% of its total.

“Investigative results have uncovered the identity of the attacker and we are in contact with them,” dYdX wrote in the post. It is currently examining legal options against the perpetrator.

The platform noted that the attacker opened a significant amount of 5x leveraged long positions in YFI -7.42% -USD across more than 100 wallets. YFI is the native token for DeFi protocol Yearn Finance. Using different addresses, the attacker purchased spot YFI tokens, causing its price to soar 215%, according to dYdX.

The attacker snowballed their unrealized profits into more YFI-USD positions, maxing out at around $50 million, the exchange said. On Nov. 17, The platform increased the YFI-USD market’s initial margin requirement and decreased the base position and incremental position size to restrict the attacker.

The following day, YFI’s price plunged nearly 30% in an hour, and the attacker failed to close their positions. As the attacker’s holdings plummeted into negative territory, the insurance fund automatically compensated for their losses, dYdX said.

The platform added that a week before the YFI incident, the attacker targeted SUSHI -12.23% -USD with the same strategy, withdrawing about $5 million in profits, but that did not impact the v3 insurance fund as dYdX raised the initial margin requirement to 100%, preventing the attacker from earning more.

The company explained that no customer funds were impacted by the attacks, and suggested that the attacker did not profit from manipulating its YFI market.

In prevention of any more orchestrated attacks using similar strategies, dYdX said it has updated the v3 trading platform for better open-interest monitoring and alerting.

The exchange added that the upgraded v4 chain is already designed to prevent risks similar to this incident. It said the upgrade chain comes with a new software feature that automatically adjusts the initial margin fraction in case of abnormal price moves.

The company did not immediately respond to The Block’s request for further comments.

Source

Click to rate this post!
[Total: 0 Average: 0]
Show More

Leave a Reply

Your email address will not be published. Required fields are marked *