TL;DR
- dYdX has reported a compromise in the user interface of its version 3.0. Affected by a DNS attack that has compromised the dydx.exchange website.
- The smart contracts have not been compromised and the funds on the platform are secure. Users are advised not to attempt withdrawals through the affected site.
- Version 4.0 of the protocol on the Cosmos blockchain has not been affected and continues to operate normally, while the attack highlights the growing concerns about security in the Web3 ecosystem.
The crypto exchange dYdX has reported a compromise in the user interface for its version 3.0 protocol, according to a statement released on July 23. The attack, apparently facilitated through a malicious program designed to drain tokens, has exclusively affected the website associated with this version of the system, which operates under the domain dydx.exchange. This situation has led the exchange team to issue a warning to users, advising them not to visit the compromised website or click on any related links until further notice.
Fortunately, the dYdX team has assured that the application’s smart contracts have not been compromised. The funds deposited on the platform remain secure, and users should refrain from attempting withdrawals through the affected site. This precautionary measure aims to minimize the risk of fund loss while the extent of the attack is investigated.
We just learned that dYdX v3 website (dYdX . exchange) has been compromised.
Please do not visit the website or click any links until further notice. An update will be provided when available.
This message does not relate to dYdX v4.
— dYdX (@dYdX) July 23, 2024
The attack appears to be linked to a recurring issue in the Web3 space: DNS hijacking. These incidents have become quite frequent recently, as demonstrated by recent attacks on Compound Finance and Celer Network, where attackers redirected websites to malicious pages with the aim of draining tokens from unsuspecting users.
Version 4.0 of dYdX Not Affected by the Attack
The method observed in the dYdX v3 attack shows similarities to a previously reported phishing case. Where users were prompted to connect an active wallet to perform transactions. In order to drain funds through a signature request.
Despite the severity of the incident, the dYdX team has confirmed that version 4.0 of the protocol. Which operates on the Cosmos blockchain, has not been affected and continues to function normally. Users of this version should be able to continue their operations without issues. As no compromises have been reported on this platform.
The attack highlights security issues in the cryptocurrency ecosystem, particularly related to domain hijacking and fund protection. Meanwhile, the community is expected to remain vigilant and take additional precautions to protect their digital assets.