Decentralized exchange dYdX has utilized its insurance fund to offset losses totaling $9 million resulting from what the platform describes as a “targeted attack.”
In a post on X (formerly Twitter) on Saturday, the dYdX team explained that the v3 insurance fund was activated “to address gaps in the liquidation process within the YFI market.” They reassured users that the v3 insurance fund remains well-funded, with $13.5 million remaining, and clarified that no user funds were affected. The team is actively investigating the event.
dYdX founder Antonio Juliano also confirmed the attack in a post on X, characterizing it as a “pretty clear targeted attack against dYdX.”
The Yearn.Finance (YFI) token experienced a significant 43% drop on November 17th, following a notable surge of over 170% in the weeks leading up to the incident.
How Did dydx Hackers Pull the Attack?
The purported attack specifically aimed at long positions in YFI tokens on the dYdX exchange, leading to the liquidation of positions valued at nearly $38 million.
Antonio Juliano, the founder of dYdX, expressed suspicion that the trading losses incurred by dYdX, coupled with the substantial decline in YFI, were indicative of market manipulation.
In response to the incident, Juliano announced plans for a thorough review of risk parameters. He stated that appropriate adjustments would be made to both the v3 and potentially the dYdX Chain software to enhance security measures.
Taking preventative measures against future incidents, dYdX implemented an increase in margin requirements for “less liquid” markets, including EOS, RUNE, AAVE, and others.
The lucrative trade that initiated the attack resulted in a depletion of over $300 million in market capitalization for the YFI token. This substantial loss has sparked suspicions within the community, with some speculating the possibility of an insider job within the YFI market.
Concerns have been raised by certain users who assert that 50% of the YFI token supply is held in 10 wallets controlled by developers. However, data from Etherscan indicates that some of these holders are associated with crypto exchange wallets rather than addresses under developer control.
The dYdX hack adds to the ongoing challenges faced by the crypto industry, where incidents of hacks and scams persistently afflict the space, underscoring the importance of robust security measures and heightened vigilance within the cryptocurrency ecosystem.
According to a report from blockchain security platform Immunefi, there were 76 reported hacks on crypto and Web3 projects and firms in Q3 2023. This represents a significant increase compared to the 30 hacks reported during the same period in 2022.
In total, around $332 million was lost to various exploits, hacks, and scams throughout September, setting a record for the highest monthly losses due to crypto exploits.
One of the incidents mentioned in the report involved DeFi platform Raft, which suffered a hack resulting in the loss of approximately $3.3 million in Ethereum (ETH). Notably, Raft’s hack was the second major crypto exploit on the same day, with an earlier attack draining around $114 million in digital assets from the centralized exchange Poloniex. The rising frequency of such incidents underscores the ongoing challenges and security concerns within the crypto space.