Decentralized Exchange dYdX Unveils Attacker Behind $9 Million Loss

According to the exchange, they have discovered the identity of the attacker responsible for the attack on the v3 platform of the decentralized exchange dYdX on November 17, 2023, resulting in a loss of $9 million from the exchange’s insurance fund.

A post-mortem examination of the “targeted attack” on the exchange revealed that dYdX is currently investigating the possibility of taking legal action against the individual responsible for the attack. dYdX has announced that it has enhanced the v3 trading platform to strengthen open-interest monitoring and notifications.

The upgrade aims to prevent future coordinated attacks that use similar strategies. The exchange stated that it developed the improved v4 chain with the express purpose of mitigating hazards such as these. This product includes a new function that automatically adjusts the starting margin fraction in response to abnormal pricing movements.

dYdX made the discovery, when investigating the attack method, that the perpetrator began a large number of 5x leveraged long positions in YFI-USD across more than 100 wallets.

A spike in the price of spot YFI tokens by 215% occurred as a result of the attacker’s purchase of these tokens using a variety of addresses.

The native token of the DeFi protocol Yearn.finance is denoted by the term YFI. The exchange claims that the attacker increased their unrealized profits by entering more YFI-USD bets, reaching a maximum of around $50 million.

The attacker accomplished this by multiplying their earnings. To restrict the activities of the attacker, the platform increased the initial margin requirement on November 17 and decreased the base and incremental position sizes in the YFI-USD market.

The price of YFI plunged by approximately thirty percent in just one hour the next day, and the attacker was unable to close their holdings within the hour.

As reported by dYdX, the insurance fund assumed responsibility for covering their losses automatically when the attacker’s assets became negative.

The platform mentioned that the attacker had used the identical method on SUSHI-USD seven days before the YFI event and that they had made around five million dollars in earnings from it.

On the other hand, this did not have any impact on the v3 insurance fund because dYdX had upped the initial margin requirement to 100%, which prevented the attacker from gaining any additional ground.

The organization made it clear that the attacks did not have any impact on the funds of its customers and implied that the perpetrator of the attack did not gain anything from manipulating its YFI market.