dYdX Identifies Assailant Behind $9M v3 Platform Attack; Readies Legal Action
Summary:
The decentralized exchange dYdX has identified the person behind a November 2023 v3 platform attack that resulted in a $9 million loss from its insurance fund. The exchange is considering legal action. To curb similar threats, dYdX has upgraded its v3 trading platform, improved open-interest surveillance and alerts, and introduced a new v4 chain. The hacker used a strategy that manipulated the prices of YFI and SUSHI tokens, but customer funds were not affected and the attacker apparently made no profits from the manipulation.
The individual behind the assault on the v3 platform of the dYdX decentralized exchange on November 17, 2023, which led to a $9 million loss from the platform's insurance fund, has been identified by the trading firm. According to a detailed analysis of the specific attack on the exchange, dYdX is planning potential legal action against the perpetrator. To prevent similar multifaceted attacks, enhancements have been made to the v3 trading platform, including better open-interest tracking and alerting. The updated v4 blockchain, designed to manage such threats, now includes an automatic initial margin fraction adjustment in response to unusual pricing fluctuations.
The attack procedure revealed that perpetrator initiated multiple 5x leveraged long positions on YFI-USD through over 100 wallets. With several addresses, the culpable party purchased spot YFI tokens, driving its price up by 215%. YFI is the primary token of the Yearn.finance DeFi protocol. According to the exchange, the attacker went on to boost their unrealized profits by opening more YFI-USD positions, peaking at around $50 million. In response, the platform changed the initial margin requirement and reduced the base and additional position sizes in the YFI-USD market to curb the attacker’s activities.
The following day, the YFI price plummeted by almost 30% within 60 minutes, leaving the attacker unable to close their positions. The losses incurred when the attacker's portfolio turned negative were recouped through dYdX's insurance fund. Before the YFI incident, the attacker made a profit of approximately $5 million using the same tactic on SUSHI-USD, without any impact on the v3 insurance fund due to a 100% increase in the initial margin requirement by dYdX, which barred the attacker from further profits.
The exchange affirmed that customer funds were unaffected by the attacks and suggested that the attacker didn’t reap any benefits from its manipulation of the YFI market.
Published At
1/4/2024 11:48:56 AM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.