dYdX said it had introduced advanced measures to mitigate risks and safeguard the v4 open-source software from attackers.
Decentralized finance (DeFi) protocol dYdX, which allows users to buy and sell crypto assets on its platform, said it had tracked down the hacker responsible for the attack on its v3 platform in November last year.
According to a post-mortem published on January 3, 2024, the decentralized exchange (DEX) uncovered the hacker’s identity through the combined efforts of its security team, partners, forensics contractors, and other investigative companies in the industry.
dYdX Exploited for $9 Million
On November 17, 2023, the protocol suffered a massive exploit, which resulted in the theft of $9 million. At the time, the exchange announced that the exploit was a “targeted attack against the DEX.”
However, according to the company’s team on Twitter, now X, the attackers gained access to the v3 insurance fund, which was used “to fill gaps in liquidation processes in the Yearn. finance market.” This caused the Yearn.finance native token YFI to drop to 43% that same day. The move allowed the hackers to long position in YFI tokens on dYdX, liquidating positions worth nearly $38 million.
In the post-mortem report published Wednesday, the exchange explained that it has taken safety measures to ensure risk control and prevent bad actors from attacking the dYdX v3 platform in the future.
dYdX said it had implemented revised margining in less-liquid markets. According to the exchange, the initial margin fraction will adjust automatically when abnormal activity occurs, which affects the ability to withdraw unrealized profit but not liquidation prices.
The DEX has also introduced improved open-interest monitoring and alerting, especially over long time frames, to protect the protocol against cyber criminals.
“Together, these measures will impede other bad actors from trying to use the same strategy to take levered positions, manipulate spot prices, withdraw against mark-to-market gains, and repeat,” the company explained.
dYdX May Take Legal Action Against the Hackers
On dYdX Chain, the exchange said it had introduced advanced measures to mitigate risks and safeguard the v4 open-source software from attackers.
These measures include a redesigned liquidation engine, data-driven market availability, variable margin fraction, and new risk management tools.
Aside from the safety measures, the exchange said it has strengthened its relationship with blockchain forensic investigation experts to assist them in identifying bad actors on-chain and other manipulative behaviors on the platform.
With the hacker now identified, dYdX said it is currently helping law enforcement agencies with their ongoing investigation regarding the hack. The exchange said it is also considering taking legal action against the attackers.
“dYdX is assisting law enforcement in their investigation of this matter and is assessing all legal options. dYdX is committed to taking any legal action it deems appropriate in these circumstances,” the company wrote.
next