The decentralized cryptocurrency exchange dYdX has reported a significant security breach resulting in a $9 million loss from its insurance fund. The incident, which occurred in the early hours of Saturday, allegedly involved a targeted attack primarily focused on manipulating the market of the Yearn Finance (YFI) token.
Antonio Juliano, founder of dYdX, characterized the event as a “clearly targeted attack” against the platform. According to Juliano, the attack was not only sophisticated but also had a considerable impact on the entire $YFI market, which plummeted 40% in the hours after the incident.
Despite the sizable loss, which accounts for approximately 40% of the fund’s total value, dYdX has assured its users that no customer funds were compromised during the incident. The platform’s insurance fund, designed to cover shortfalls when accounts go negative, still holds $13.5 million, as per the latest updates from dYdX.
Last night about $9m from the dYdX v3 insurance fund were used to fill gaps on liquidations processed in the YFI market. The v3 insurance fund remains well funded with $13.5m in funds remaining
No user funds were affected and our team is working to investigate the event
— dYdX (@dYdX) November 18, 2023
In the wake of the attack, dYdX has initiated a thorough investigation in collaboration with multiple partners. The platform is also scrutinizing and potentially revising its risk parameters for the v3 platform and the underlying dYdX Chain software.
Details shared by Juliano indicate a sharp increase in $YFI open interest on dYdX, suggesting the involvement of a highly capitalized actor in the market manipulation. The same actor was linked to a similar, albeit unsuccessful, attempt to disrupt the dYdX $SUSHI market two weeks prior.
Juliano’s statements on social media reveal that, despite increased initial margin ratios for $YFI, the platform was unable to fully prevent the attacker’s strategy. Significant withdrawals of $USDC from dYdX right before the price crash further underscored the deliberate nature of the market manipulation.
Here are the main points we know about the $YFI incident on dYdX so far:
Reminder no user funds have been lost, but it is critical we understand what happened and adjust accordingly
– in the past few days $YFI open interest on dYdX spiked from $0.8m -> $67m
– basically all of…
— Antonio | dYdX (@AntonioMJuliano) November 18, 2023
This incident has raised questions within the cryptocurrency community about the vulnerability of decentralized finance (DeFi) platforms to sophisticated attacks. Calls for increased transparency and robust security measures have intensified as stakeholders seek to understand the implications of such breaches on the broader DeFi ecosystem.
“This would probably be easier to investigate if you’d just treat every user like they could be a criminal by forcing them to share confidential personal data with you before they can trade,” said Chris Blec on X. Juliano responded, “It would be easier if we did that. But we’re not going to because we and our users care about privacy.”
dYdX has committed to sharing all relevant findings from their investigation with the public and law enforcement agencies. This move aims to bolster safety measures not only for dYdX but for other trading platforms as well.
Juliano also posted a meme featuring Avi Eisenberg, the person who manipulated Mango Markets and was arrested in Puerto Rico in December last year, potentially signaling that whoever was involved in the dYdX incident will follow Eisenberg’s path.
Vibes pic.twitter.com/Ogt9gSI2QK
— Antonio | dYdX (@AntonioMJuliano) November 18, 2023