dYdX, a decentralized exchange, has released a post-mortem report on a targeted attack on its v3 platform in November. The attack led to a $9 million loss in the platform's insurance fund, equivalent to roughly 40% of its total holdings.
Identified Attacker and Legal Action
- dYdX stated they have identified the attacker's identity and are in contact with them.
- The platform is considering legal options against the perpetrator for the targeted attack.
Attack Details and Strategy
- The attacker leveraged 5x positions in YFI-USD across more than 100 wallets, significantly impacting the native token of DeFi protocol Yearn Finance.
- By purchasing spot YFI tokens using different addresses, the attacker drove the price up by 215%, amassing positions worth approximately $50 million.
Platform's Response and Fund Impact
- dYdX increased the YFI-USD market's initial margin requirement and adjusted position sizes to restrict the attacker's activities.
- Subsequently, YFI's price plunged nearly 30% in an hour, leading to the attacker's failure to close their positions. The losses were compensated from the insurance fund.
Previous Attacks and Preventive Measures
- The attacker had targeted SUSHI-USD using a similar strategy a week before, earning around $5 million in profits. However, dYdX's raised initial margin requirement prevented further impact on the insurance fund.
- Customer funds were unaffected, and dYdX claims the attacker did not profit from manipulating the YFI market.
Enhanced Security Measures and Future Plans
- dYdX has updated its v3 trading platform for better open-interest monitoring and alerting to prevent similar orchestrated attacks.
- Additionally, the upgraded v4 chain includes automatic adjustments in the initial margin fraction to mitigate risks from abnormal price movements.
Future Developments and Contact
- dYdX highlighted that the v4 chain upgrade aims to prevent incidents akin to this attack and includes new software features for risk management.
- The company has not yet responded to further inquiries regarding the incident.