Dydx V3 hit by ‘targeted attack,’ linked to YFI price manipulation
User funds are not affected by the attack, but the DEX’s insurance fund lost around $9 million, dYdX founder Antonio Juliano says
Maurice NORBERT/Shutterstock, modified by Blockworks
Around $9 million in dYdX v3’s insurance fund, roughly 40% of its total v3 funds, was used to process liquidations after an organized attack this weekend.
According to dYdX founder Antonio Juliano, the open interest (OI) for YFI, DeFi protocol Yearn Finance’s native token, had spiked from $0.8 million to roughly $67 million on the decentralized exchange (DEX), trading at a significantly higher price than other perpetual trading platforms.
OI refers to the amount of all outstanding derivative contracts and keeps track of all unsettled positions. The greater amount of contracts, the higher the OI.
This was the result of one malicious actor, Juliano wrote on X, pointing at on-chain transactions, noting that it was likely that this same actor had also attempted a similar attack on the SUSHI market on dYdX just two weeks ago.
As an immediate solution, dYdX increased the initial margin ratios for YFI and other less liquid markets. These include EOS, AAVE, 1NCH, SHUHI, and CELO tokens, just to name a few. This move, Juliano noted, was ‘ultimately not sufficient.’
The price of YFI tokens crashed, which had risen over 200% between Oct. 20, 2023 and Nov. 17, plummeted about 35% in the space of one hour, Saturday.
“The actor was able to withdraw a good amount of $USDC from dYdX right before the price crash,” Juliano wrote on X.
Additionally, according to on-chain transactions, one whale was able to sell 96 YFI for an estimated $1.23 million in ether before the token tumbled.
dYdX has not immediately responded to Blockworks’ request for commentary.
The dYdX team is currently working with centralized exchanges to confirm further details about the incident, and the decentralized exchange posted on X that it has banned trading on “highly profitable strategies,” an ironic reference to the exploits of Avraham Eisenberg, who allegedly pulled off a similar stunt in October 2022 on Solana DeFi platform Mango Markets, and was arrested on fraud charges.
Additionally, the team has revealed that it will pay bounties to those who are most helpful in aiding the investigation, and has no plans to negotiate with the attacker.
“We and others have made significant progress into identifying the attacker. We are in the process of reporting the information we have to the FBI,” Juliano wrote.
There is still an additional $13.5 million in funds in dYdX v3’s insurance fund, and no user funds have been affected by the attack, Juliano said.
Although there have been criticisms for a lack of decentralized governance around the latest events, Juliano notes that this particular attack occurred on dYdX v3, where the order book and matching remained centralized.
The process would be different if these events occurred on the newly launched dYdX chain, which has different risk controls.
Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.
