dYdX Reveals Post-Mortem Findings: Identifies Attacker and Considers Legal Measures

Ruholamin Haqshanas
Last updated: | 2 min read
dYdX Reveals Post-Mortem Findings: Identifies Attacker and Considers Legal Measures
Image Source: Unsplash

Decentralized exchange dYdX has released a post-mortem report detailing the “targeted attack” it experienced on its v3 platform in November. 

The attack resulted in a $9 million loss from its insurance fund, which represented approximately 40% of its total holdings.

In the report, dYdX stated that investigative efforts have successfully uncovered the identity of the attacker and that the company is currently engaged in communication with them. 

Furthermore, the platform is exploring potential legal actions against the perpetrator.

“Thanks to the efforts of our team, partners in the community and forensics contractors, investigative results have uncovered the identity of the attacker and we are in contact with them,” the DEX wrote. 

“dYdX is assisting law enforcement in their investigation of this matter and is assessing all legal options. dYdX is committed to taking any legal action it deems appropriate in these circumstances.”

How Did the Attacker Pull the dYdX Hack?


According to the findings, the attacker executed a substantial number of 5x leveraged long positions in YFI, the native token of DeFi protocol Yearn Finance, across more than 100 wallets.

By purchasing spot YFI tokens using different addresses, the attacker caused the price to surge by 215%, as revealed by dYdX. 

The attacker then reinvested their unrealized profits into additional YFI-USD positions, reaching a maximum value of approximately $50 million. 

To restrict the attacker’s actions, dYdX increased the YFI-USD market’s initial margin requirement and adjusted the base and incremental position sizes on November 17.

However, on the following day, the price of YFI plummeted by nearly 30% within an hour, and the attacker failed to close their positions. 

As a result, the insurance fund automatically compensated for the losses incurred by the attacker, as explained by dYdX.

The report also mentioned a separate incident a week prior, in which the attacker employed the same strategy but targeted SUSHI instead. 

Although the attacker withdrew approximately $5 million in profits, it did not impact the v3 insurance fund because dYdX had raised the initial margin requirement to 100%, preventing further earnings for the attacker.

dYdX assured its users that no customer funds were affected by these attacks and indicated that the attacker likely did not profit significantly from manipulating the YFI market. 

In response to these orchestrated attacks, dYdX has implemented updates to its v3 trading platform to enhance open-interest monitoring and alerting capabilities.

Furthermore, dYdX mentioned that its upcoming v4 chain has been designed to mitigate risks similar to those encountered in this incident.

The upgraded chain incorporates a new software feature that automatically adjusts the initial margin fraction in response to abnormal price movements.

“The default code of the v4 open-source software (the ”dYdX Chain”) is already designed with these risks in mind in several ways.”