dYdX identifies attacker, faces over $9 million in legal action
Decentralized cryptocurrency dYdX claims to have identified the attacker responsible for the November 17, 2023 attack on its exchange v3 platform, which resulted in a loss of $9 million from its insurance fund.
In the aftermath of the “targeted attack” on the exchange, dYdX confirmed that it is now looking into legal action against the person responsible.
DIDX says it has improved its v3 trading platform to enhance open demand monitoring and alerts to avoid coordinated attacks with similar tactics in the future.
The updated v4 chain is specifically designed to prevent such risks, the exchange added. It includes a new feature that automatically adjusts the initial margin fraction in response to unusual price changes.
1/ After observing a YFI incident on DYdX v3, we successfully tracked down the individual responsible and reported it to law enforcement.
This is our in-depth analysis and next step https://t.co/JGxebpERYl.
— dYdX (@dYdX) January 3, 2024
Analyzing the attack method, dYdX observed that the attacker initiated multiple 5x leveraged long positions using the YFI/USD trading pair on more than 100 wallets. The attacker bought spot Yearn.finance (YFI) tokens using different addresses, increasing the price by 215%. YFI is the native token of the Yearn.finance decentralized finance protocol.
According to the exchange, the attacker multiplied his unearned profits by entering additional YFI/USD positions, reaching a maximum of $50 million. In the year On November 17, the platform increased the initial margin demand in the YFI/USD market and lowered the base and incremental position sizes to limit the aggressive activity.
Related: Largest Solana Sewer Community Has Over 6,000 Members – Chain Analysis
The next day, YFI's price dropped almost 30% within an hour, and the attacker was unable to close out their positions. According to DYdX, when the attacker's holdings turn negative, the insurance fund automatically covers their losses.
The forum mentions that a week before the YFI incident, the attacker used the same strategy on SUSHI/USD and made a profit of around $5 million. But this didn't affect the v3 insurance fund because dYdX raised the initial profit requirement to 100%, preventing the attacker from earning more.
The company said the attack did not affect customers' funds and pointed out that the attacker had no interest in controlling the YFI market.
Magazine: Diffie's Billion Dollar Secret: Insiders Responsible for Hacking
