Decentralized change dYdX has launched a complete report analyzing the “focused assault” it encountered on its v3 platform in November.
The incident led to a considerable loss of $9 million from its insurance coverage fund, a determine that constitutes about 40% of the fund’s complete worth.
dYdX acknowledged of their Jan. 3 report that their investigation has efficiently revealed the identification of the attacker, with whom they’re now in communication.
Moreover, the platform is contemplating numerous authorized measures to take towards the perpetrator liable for the assault.
“dYdX is aiding regulation enforcement of their investigation of this matter and is assessing all authorized choices. dYdX is dedicated to taking any authorized motion it deems acceptable in these circumstances.”
dYdX staff
How was the hack executed?
The investigation revealed that the attacker carried out quite a few 5x leveraged lengthy positions in YFI, the native token of the defi protocol Yearn Finance, using over 100 totally different wallets.
By buying YFI tokens from a number of addresses, the attacker dramatically inflated the token’s worth by 215%.
They then reinvested the unrealized earnings into additional YFI-USD positions, in the end reaching a complete worth of round $50 million.
To counteract this, dYdX shortly elevated the preliminary margin requirement and adjusted place sizes for the YFI-USD market on Nov. 17. Regardless of these efforts, the next day witnessed a pointy 30% drop in YFI’s worth inside an hour.
Because of this, the insurance coverage fund routinely compensated for the losses incurred by the attacker, as defined by dYdX.
The report moreover highlighted a associated occasion that occurred every week earlier, the place the identical technique was utilized by the attacker, this time specializing in the cryptocurrency SUSHI.
Though the attacker managed to withdraw roughly $5 million in earnings, this didn’t have an effect on dYdX’s v3 insurance coverage fund for the reason that change had already elevated the preliminary margin requirement to 100%, thereby blocking extra earnings for the attacker.
dYdX reassured its shoppers that buyer funds remained safe and unaffected by these incidents. Moreover, the manipulative technique employed within the YFI market didn’t yield important earnings for the attacker.
In response to those assaults, dYdX has up to date its v3 buying and selling platform to boost its monitoring and alerting mechanisms for open curiosity.
Moreover, the corporate highlighted that its forthcoming v4 chain is being developed with options to counter such dangers, together with an computerized adjustment of the preliminary margin fraction in response to uncommon worth actions.