- dYdX v3 compromised by a DNS attack; 2 smart contracts compromised.
- Exchange discussing the sale of its derivatives arm to Wintermute and Selini.
- Founder Antonio Juliano stepped down; Ivo Crnkovic-Rubsamen now leads the company.
dYdX, a prominent decentralized exchange, is grappling with a significant security breach involving its v3 protocol.
On July 23, it was reported that an attacker had compromised the official website for dYdX v3 by installing a token-draining program, which could potentially siphon off users’ funds.
The compromised site displayed error messages similar to those used in previous phishing scams, attempting to trick users into revealing their wallet information.
What we know so far about the dYdX hack
The exchange’s team promptly issued a warning on social media, advising users not to visit the affected site or click any links associated with it until further notice.
Fortunately, the protocol’s v4 version, which operates on the Cosmos blockchain, remains unaffected and fully operational.
The dYdX v3 interface, hosted at dydx.exchange, was the primary target of this attack. dYdX have stated that the smart contracts underlying the v3 protocol were not compromised.
The smart contracts on dYdX v3 are safe, and are not compromised.
Do not attempt to withdraw any funds or interact with the website dydx . exchange until further update. https://t.co/wtWYDQuyog
— dYdX (@dYdX) July 23, 2024
dYdX considering sale of its derivatives arm
This breach comes at a turbulent time for dYdX. The exchange is reportedly in discussions to sell its derivatives trading arm, with Wintermute Trading and Selini Capital emerging as potential buyers.
Wintermute Trading, based in the UK, is known for its algorithmic trading in digital assets, while Selini Capital focuses on managing alternative investments in digital assets.
This move follows the recent departure of dYdX’s founder, Antonio Juliano, who stepped down as CEO on May 13. The company is now led by Ivo Crnkovic-Rubsamen, the former chief strategy officer.
Adding to the complexity, dYdX launched its v5 version in June, introducing new features such as isolated margin and markets, and support for Raydium Markets.
These upgrades allow traders to assign collateral to specific trades, thereby mitigating cross-trade collateral risk and providing dedicated insurance for each collateral pool.
The dYdX v3 breach underscores a troubling trend in the Web3 space, where DNS hijacking attacks are becoming increasingly common.
Earlier this month, both Compound Finance and Celer Network experienced similar attacks, which redirected their websites to malicious domains aimed at draining user tokens.
As dYdX navigates this challenging period, focus remains on resolving the breach. The exchange’s native token has already taken a hit and was down 10% at press time.