dYdX v3 Compromised In Suspected DNS Attack

As a seasoned cybersecurity analyst with extensive experience in the decentralized finance (DeFi) space, I am deeply concerned about the recent announcement from dYdX regarding the compromise of their on-chain trading service, dYdX v3. Although it’s important to note that no funds were directly impacted due to the attack targeting only the user interface and not the underlying smart contracts, this incident serves as a reminder of the ever-evolving threat landscape in the DeFi world.


dYdX, a decentralized cryptocurrency exchange, revealed that one of its on-chain trading services was breached following the installation of a token-draining software by an attacker on the official website for dYdX v3.

After the news broke that the dYdX v3 domain was being put up for sale, issues with it came to light.

dYdX v3 CompromisedĀ 

Based on dYdX’s announcement, the attack did not affect or touch any funds that traders currently have on their platform. The reason being, only the website domain was targeted during the attack, whereas the underlying smart contracts on the platform remained unaffected. Therefore, dYdX advised users to avoid visiting the suspect domain and clicking questionable links. Additionally, they emphasized that version 4 of their platform was not affected or compromised by this incident.

I’ve recently obtained information that the dYdX Exchange has fallen victim to a cyberattack. I strongly advise against visiting their website or clicking on any links associated with it until additional information becomes available. Rest assured, this advisory is unrelated to the dYdX v4 platform.

In a distinct statement on Discord, dYdX revealed that an intruder had seized control of the v3 domain and set up a counterfeit site. Users who linked their wallets to this deceitful website were requested to sanction a PERMIT2 transaction, unknowingly giving away their tokens to the attacker.

An intruder has seized control of the v3 domain and established a counterfeit site. This site deceitfully requests users’ approval through a PERMIT2 transaction once they link their wallets, with the ultimate goal of pilfering their most prized tokens.

DydX announced that no harm came to their smart contracts during the recent incident. The issue affected only the user interface. Consequently, deposited funds remained secure on the platform. Nevertheless, the company advised against using the website for withdrawals or any interaction until further notice.

“The dYdX v3 smart contracts remain secure and have not been breached. Please refrain from attempting to withdraw funds or interacting with the site until receiving a subsequent announcement.”

Problem Occurs As dYdX v3 Put Up For Sale

After news broke out that dYdX v3 was being put up for sale, with various buyers expressing their intent to purchase, dYdX identified an issue. Notably, Wintermute is among the potential buyers. In a statement on X, dYdX revealed they were considering different options regarding v3’s strategic direction.

“Dydx Trading is considering new approaches for utilizing their v3 technology, excluding the Ethereum smart contract and any technology reliant on their utility token.”

Familiarities With Earlier ScamĀ 

A current cyberattack on the dYdX v3 website bears resemblance to a phishing scheme targeting Collabland users. In this deceitful scheme, a user’s wallet balance was scrutinized upon connecting it to the website. If the wallet lacked funds, users were encouraged to retry with an active one. However, if a user connected a wallet holding funds, they received a signature request. If the user unwittingly approved this request, their account was drained by the hacker.

Based on my extensive experience as a cybersecurity professional, I can tell you that the lack of information regarding how an attacker manages to seize control of a domain name is a concerning issue. In today’s digital landscape, such incidents are unfortunately all too common, especially when it comes to Web3 protocols.

Read More

Sorry. No data so far.

2024-07-25 15:13