In a recent update, the decentralized exchange platform dYdX has announced the identification of the attacker responsible for an incident on its v3 platform that took place on November 17, 2023. This attack resulted in a loss of $9 million from the platform’s insurance fund. Faced with this situation, dYdX has confirmed that it is considering taking legal action against the person responsible for this “targeted attack.”
As part of the measures to prevent future coordinated attacks with similar tactics, dYdX has enhanced its v3 trading platform. This update includes improvements in open-interest monitoring and the implementation of alerts. Additionally, the platform has launched the upgraded v4 version, specifically designed to mitigate similar risks in the future. One highlighted feature of this new version is the ability to automatically adjust the initial margin fraction in response to abnormal price changes, providing an additional layer of security.
1/ After looking into the YFI incident on dYdX v3, we’ve successfully tracked down the individual responsible & made a report to law enforcement.
This is our in-depth analysis & next steps 🧵https://t.co/JGxebpERYl
— dYdX (@dYdX) January 3, 2024
dYdX Provided Details of the Attack Mechanism
In the detailed analysis of the attack method, dYdX reveals that the attacker initiated numerous 5x leveraged positions using the YFI/USD trading pair across more than 100 wallets. This tactic involved the purchase of Yearn.finance (YFI) tokens, resulting in a significant 215% increase in their price. The attacker multiplied their unrealized profits by opening additional YFI/USD positions, reaching a maximum of approximately $50 million.
As an immediate response, on November 17, the platform adjusted the initial margin requirements and reduced the base and incremental position sizes in the YFI/USD market to limit the attacker’s activities. The next day, the price of YFI experienced a sudden 30% drop within an hour, and the attacker couldn’t close their positions. At this point, dYdX’s insurance fund automatically intervened, covering the losses when the attacker’s holdings turned negative.
It is essential to note that, according to dYdX, these attacks had no impact on customer funds, and the attacker did not profit from manipulating the YFI market on the platform. The company continues to actively work on strengthening its security protocols and safeguarding user assets, emphasizing its commitment to integrity and security in the decentralized finance space.
