Decentralized exchange dYdX says it has uncovered the identity of the attacker responsible for the exchange’s v3 platform attack on Nov. 17, 2023, which resulted in a loss of $9 million from its insurance fund.
In a post-mortem on the “targeted attack” on the exchange, dYdX confirmed that it is now looking into legal actions against the person responsible.
To avoid future coordinated attacks with similar tactics, dYdX said it had improved its v3 trading platform to enhance open-interest monitoring and alerts.
The exchange added that the enhanced v4 chain is specifically built to mitigate risks like this. It includes a new feature that automatically adjusts the initial margin fraction in response to abnormal price changes.
1/ After looking into the YFI incident on dYdX v3, we’ve successfully tracked down the individual responsible & made a report to law enforcement.
This is our in-depth analysis & next steps 🧵https://t.co/JGxebpERYl
— dYdX (@dYdX) January 3, 2024
In examining the attack method, dYdX observed that the attacker initiated many 5x leveraged long positions using the YFI/USD trading pair across over 100 wallets. Using various addresses, the attacker bought spot Yearn.finance (YFI) tokens, leading to a 215% increase in its price. YFI is the native token of the Yearn.finance decentralized finance protocol.
According to the exchange, the attacker multiplied their unrealized profits by entering additional YFI/USD positions, reaching a maximum of around $50 million. On Nov. 17, the platform raised the initial margin requirement and lowered the base and incremental position sizes in the YFI/USD market to limit the attacker’s activities.
The next day, the price of YFI dropped almost 30% within an hour, and the attacker couldn’t close their positions. The insurance fund automatically covered their losses when the attacker’s holdings turned negative, according to dYdX.
The platform also mentioned that a week before the YFI incident, the attacker used the same strategy on SUSHI/USD, making around $5 million in profits. However, this did not affect the v3 insurance fund because dYdX had increased the initial margin requirement to 100%, preventing the attacker from gaining further.
The company clarified that the attacks did not affect customer funds and indicated that the attacker did not benefit from manipulating its YFI market.