Decentralized change dYdX has released a autopsy report detailing the “focused assault” it skilled on its v3 platform in November.
The assault resulted in a $9 million loss from its insurance coverage fund, which represented roughly 40% of its complete holdings.
Within the report, dYdX said that investigative efforts have efficiently uncovered the identification of the attacker and that the corporate is at present engaged in communication with them.
Moreover, the platform is exploring potential authorized actions in opposition to the perpetrator.
“Due to the efforts of our group, companions in the neighborhood and forensics contractors, investigative outcomes have uncovered the identification of the attacker and we’re in touch with them,” the DEX wrote.
“dYdX is helping legislation enforcement of their investigation of this matter and is assessing all authorized choices. dYdX is dedicated to taking any authorized motion it deems acceptable in these circumstances.”
How Did the Assault Pull the Hack?
In response to the findings, the attacker executed a considerable variety of 5x leveraged lengthy positions in YFI, the native token of DeFi protocol Yearn Finance, throughout greater than 100 wallets.
By buying spot YFI tokens utilizing completely different addresses, the attacker induced the worth to surge by 215%, as revealed by dYdX.
The attacker then reinvested their unrealized income into extra YFI-USD positions, reaching a most worth of roughly $50 million.
To limit the attacker’s actions, dYdX elevated the YFI-USD market’s preliminary margin requirement and adjusted the bottom and incremental place sizes on November 17.
Nevertheless, on the next day, the worth of YFI plummeted by almost 30% inside an hour, and the attacker failed to shut their positions.
Because of this, the insurance coverage fund robotically compensated for the losses incurred by the attacker, as defined by dYdX.
The report additionally talked about a separate incident per week prior, wherein the attacker employed the identical technique however focused SUSHI as an alternative.
Though the attacker withdrew roughly $5 million in income, it didn’t impression the v3 insurance coverage fund as a result of dYdX had raised the preliminary margin requirement to 100%, stopping additional earnings for the attacker.
dYdX assured its customers that no buyer funds have been affected by these assaults and indicated that the attacker probably didn’t revenue considerably from manipulating the YFI market.
In response to those orchestrated assaults, dYdX has applied updates to its v3 buying and selling platform to boost open-interest monitoring and alerting capabilities.
Moreover, dYdX talked about that its upcoming v4 chain has been designed to mitigate dangers just like these encountered on this incident.
The upgraded chain incorporates a brand new software program function that robotically adjusts the preliminary margin fraction in response to irregular worth actions.
“The default code of the v4 open-source software program (the ”dYdX Chain”) is already designed with these dangers in thoughts in a number of methods.”