dYdX Enhances Security Measures Following $9 Million Loss in Targeted Attack
The incident, described by dYdX founder Antonio Juliano as a "targeted attack," caused the liquidation of almost $38 million in positions related to the Yearn.Finance (YFI) token.
In response to the attack, dYdX announced an increase in margin requirements for several "less liquid markets," affecting tokens like Eos, 0x Protocol (ZRX), Aave, and others. Additionally, the exchange banned "highly profitable trading strategies" to mitigate future risks, reminiscent of similar strategies employed in a previous exploit on Mango Markets.
The attacker orchestrated a surge in YFI's open interest on dYdX from $0.8 million to $67 million within days. Despite heightened initial margin ratios for YFI, the attacker successfully withdrew a significant amount of USDC just before the YFI price plummeted, resulting in a 43% decline on November 17th.
Antonio Juliano confirmed the attack on X, emphasizing that it was a targeted effort against dYdX. The Yearn.finance team has not officially commented, but there's no indication of their control over the majority of the YFI token supply.
Speculations arose within the community, questioning the possibility of insider involvement in the YFI market. Claims suggesting 50% of YFI token supply controlled by developers were debunked by Etherscan data, revealing holdings in crypto exchange wallets.
The dYdX incident is part of a growing trend of hacks and scams in the crypto industry. A report by Immunefi highlighted 76 hacks in Q3 2023, indicating a significant increase compared to the same period in 2022. Approximately $332 million was lost to various exploits, hacks, and scams in September, marking a record-high month for crypto exploits.