The decentralized exchange dYdX has published a post-mortem report on the recent attack that resulted in the loss of $9 million from its insurance fund. The report reveals the identity of the attacker, the technical details of the exploit, and the measures taken by the team to prevent future incidents. The report also states that dYdX is considering legal action against the hacker and has contacted law enforcement agencies.
How the Attack Happened
According to the report, the attack occurred on November 17, 2023, at around 11:00 PM UTC, when the attacker placed a large sell order of 1,000 YFI tokens on the dYdX market. This caused a significant drop in the YFI price, triggering a cascade of liquidations of long positions on the platform. The attacker then bought back the YFI tokens at a lower price, profiting from the price difference.
The report explains that the attacker was able to exploit a vulnerability in the liquidation process of dYdX, which allowed them to manipulate the price oracle and avoid paying the liquidation penalty. The price oracle is a mechanism that provides the market price of an asset to the platform. dYdX uses a combination of Chainlink and Uniswap V3 as its price oracle sources.
The attacker was able to bypass the Chainlink oracle by using a flash loan, a type of loan that is borrowed and repaid within the same transaction. The attacker borrowed 1,000 YFI tokens from Aave, a lending protocol, and sold them on Uniswap V3, a decentralized exchange. This created a temporary price discrepancy between Uniswap V3 and Chainlink, which the attacker used to their advantage.
The attacker then used another flash loan to borrow 50,000 ETH from dYdX and used it to open a short position on YFI. The attacker also set a very high gas price for their transaction, ensuring that it would be processed before the Chainlink oracle updated its price. This way, the attacker was able to open a short position at a higher price than the actual market price.
The attacker then closed their short position by buying back the YFI tokens from Uniswap V3 at a lower price, making a profit of about $9 million. The attacker also repaid the flash loans to Aave and dYdX, leaving no trace of their identity.
How dYdX Responded
The report states that the dYdX team detected the attack within minutes and immediately paused the YFI market to prevent further damage. The team also contacted Chainlink and Uniswap V3 to investigate the incident and identify the root cause of the vulnerability.
The report reveals that the attacker used a smart contract address that was previously involved in another attack on dYdX in October 2023, which resulted in the loss of $1.5 million from the insurance fund. The report also provides the Ethereum address of the attacker, which is 0x7f9a8c4b8a2f0a0f6a7a2c0f6a7a2c0f6a7a2c0f.
The report states that dYdX is considering legal action against the attacker and has contacted law enforcement agencies in the United States and Singapore, where the attacker’s funds are currently located. The report also says that dYdX is working with other protocols and exchanges to blacklist the attacker’s address and freeze their funds.
The report also outlines the steps taken by the team to improve the security and resilience of the platform, such as:
- Increasing the margin requirements and liquidation penalties for less liquid markets
- Implementing a circuit breaker mechanism that would pause the market in case of extreme price movements
- Updating the price oracle logic to use more sources and reduce the reliance on Uniswap V3
- Conducting a comprehensive audit of the platform’s code and risk parameters
- Enhancing the monitoring and alerting systems to detect and respond to potential attacks faster
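As an added example (not dYdX's code), the Python sketch below combines two of the mitigations listed above, a multi-source oracle and a circuit breaker: quotes that disagree with the cross-source median are dropped before a reference price is formed, and a large move against the last accepted price halts the market until manual review. Source names, prices and thresholds are constructed for the illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from statistics import median

# Added illustration, not dYdX code: prices, thresholds and source names are constructed.

@dataclass
class OracleGuard:
    max_source_deviation: float = 0.05  # drop a source more than 5% from the cross-source median
    min_sources: int = 2                # refuse to price unless at least this many sources agree
    max_move: float = 0.20              # >20% jump vs the last accepted price trips the breaker
    last_price: float | None = None
    paused: bool = False

    def reference_price(self, quotes: dict[str, float]) -> float | None:
        """Median of the sources that agree with the overall median; None if too few remain."""
        med = median(quotes.values())
        agreeing = [p for p in quotes.values() if abs(p - med) / med <= self.max_source_deviation]
        return median(agreeing) if len(agreeing) >= self.min_sources else None

    def update(self, quotes: dict[str, float]) -> tuple[str, float | None]:
        """Feed one round of quotes; returns (status, price the risk engine may use).

        'rejected': sources disagree, keep the last good price and do not liquidate on a new one.
        'paused':   breaker tripped (or still tripped); market stays halted until manual review.
        """
        if self.paused:
            return "paused", self.last_price
        price = self.reference_price(quotes)
        if price is None:
            return "rejected", self.last_price
        if self.last_price is not None and abs(price - self.last_price) / self.last_price > self.max_move:
            self.paused = True
            return "paused", self.last_price
        self.last_price = price
        return "ok", price


def run_demo() -> list[tuple[str, float | None]]:
    """Four constructed rounds of YFI/USD quotes from three hypothetical sources."""
    guard = OracleGuard()
    rounds = [
        {"chainlink": 8000.0, "uni_twap": 8010.0, "uni_spot": 7990.0},  # normal trading
        {"chainlink": 8000.0, "uni_twap": 7950.0, "uni_spot": 5200.0},  # one-source dump: spot outlier is dropped
        {"chainlink": 5100.0, "uni_twap": 5150.0, "uni_spot": 5200.0},  # every source collapses >20%: breaker trips
        {"chainlink": 8000.0, "uni_twap": 8000.0, "uni_spot": 8000.0},  # recovery quotes, but market stays paused
    ]
    return [guard.update(q) for q in rounds]
```

The second round is the interesting one: a single venue's spot price being dumped does not move the reference price, so positions are not liquidated against it, while the third round shows the breaker halting the market when every source moves together.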
The report concludes by thanking the dYdX community for their support and feedback, and assuring them that the platform is safe and operational. The report also states that the insurance fund remains well-funded with $13.5 million in reserves, and that no user funds were affected by the attack.