DeFi exchange dYdX publishes post-mortem on $9 million November attack
Quick Take
- The decentralized exchange said customer funds were untouched, and the attacker likely did not profit from the YFI price crash.
Decentralized exchange dYdX today published a post-mortem on the “targeted attack” on its v3 platform in November that resulted in a loss of $9 million in its insurance fund, which represented around 40% of its total.
“Investigative results have uncovered the identity of the attacker and we are in contact with them,” dYdX wrote in the post. It is currently examining legal options against the perpetrator.
The platform noted that the attacker opened a significant amount of 5x leveraged long positions in 
YFI
-1.39%
-USD across more than 100 wallets. YFI is the native token for DeFi protocol Yearn Finance. Using different addresses, the attacker purchased spot YFI tokens, causing its price to soar 215%, according to dYdX.
The attacker snowballed their unrealized profits into more YFI-USD positions, maxing out at around $50 million, the exchange said. On Nov. 17, The platform increased the YFI-USD market’s initial margin requirement and decreased the base position and incremental position size to restrict the attacker.
The following day, YFI’s price plunged nearly 30% in an hour, and the attacker failed to close their positions. As the attacker's holdings plummeted into negative territory, the insurance fund automatically compensated for their losses, dYdX said.
The platform added that a week before the YFI incident, the attacker targeted 
SUSHI
-4.93%
-USD with the same strategy, withdrawing about $5 million in profits, but that did not impact the v3 insurance fund as dYdX raised the initial margin requirement to 100%, preventing the attacker from earning more.
The company explained that no customer funds were impacted by the attacks, and suggested that the attacker did not profit from manipulating its YFI market.
In prevention of any more orchestrated attacks using similar strategies, dYdX said it has updated the v3 trading platform for better open-interest monitoring and alerting.
The exchange added that the upgraded v4 chain is already designed to prevent risks similar to this incident. It said the upgrade chain comes with a new software feature that automatically adjusts the initial margin fraction in case of abnormal price moves.
The company did not immediately respond to The Block’s request for further comments.
Disclaimer: The Block is an independent media outlet that delivers news, research, and data. As of November 2023, Foresight Ventures is a majority investor of The Block. Foresight Ventures invests in other companies in the crypto space. Crypto exchange Bitget is an anchor LP for Foresight Ventures. The Block continues to operate independently to deliver objective, impactful, and timely information about the crypto industry. Here are our current financial disclosures.
© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
