- dYdX has published a post-mortem report on a recent attack.
- The exchange detailed how the attacker manipulated market positions.
- The report stated the exchange had uncovered the identity of the attacker.
Decentralized exchange dYdX has issued a post-mortem report identifying the hacker behind a SUSHI and YFI incident it recently experienced on its v3 platform, leading to millions of dollars in losses.
On November 18, dYdX announced that an attacker had used $9 million from its insurance fund “to fill gaps on liquidations processed in the YFI market.” While the exchange stated that no user funds were affected, 40% of the insurance fund was reportedly drained in the attack.
dYdX Issues Post-mortem Report on $9 Million Attack
Per the report, on November 1, dYdX became aware of 132 addresses connected to its v3 platform and linked to a single funding source. The wallets opened highly leveraged SUSHI long positions, significantly increasing open interest in the SUSHI-USDC market.
Although the exchange raised its marginal requirement to 100% to prevent further profitable withdrawals from these trades, the attacker replicated a similar trading pattern in the YFI-USDC market a few days later.
“The attacker appeared to have a clear strategy: build leveraged long positions on dYdX v3 prior to purchasing $SUSHI and $YFI spot. Ultimately, the price moves in $SUSHI and $YFI were possibly due to some combination of an organic price move and the attacker’s coordinated aggressive buying in spot markets,” the report read.
To maximize their gains, the attacker withdrew unrealized profits from their long positions before redepositing these profits in newly connected wallets to expand their long positions. In the long haul, the attacker used a deposit of $16 million to drain $9 million from the insurance fund.
dYdX revealed that it had uncovered the identity of the hacker and that it was in contact with them. Further, the exchange clarified that it was “assessing all legal options” to resolve the matter, including assisting law enforcement in their investigation.
Read how the Orbit cross-chain bride was recently exploited:
Orbit Cross-Chain Bridge Hit for $82 Million
Stay updated on how the Nest Wallet CEO fell victim to a phishing attack:
Nest Wallet CEO Loses $125,000 to LFG Token Phishing Attack