DeFi
DeFi giant dYdX claims its v3 platform is compromised – despite it reportedly being up for sale
Decentralized cryptocurrency exchange giant dYdX said Tuesday that one of its on-chain trading services has been “compromised” and warned users against visiting it. dydx.exchange until further notice.
Specifically, the website for dYdX v3, an older version of its trading platform that costs on average around $1.5 billion in the weekly volume of derivatives trading, “has been compromised,” according to a tweet.
The attack does not appear to impact funds that traders already have on dYdX, as only the web domain, and not the underlying smart contracts, appear to be targeted, according to statements from dYdX’s Discord server.
We have just learned that https://t.co/EP4KSH5Nmw has been compromised.
Please do not visit the website or click on any links until further notice. An update will be provided as soon as it is available.
This post is not about dYdX v4.
— dYdX (@dYdX) July 23, 2024
“The attacker took control of the v3 domain (dydx.exchange), and deployed a copycat website that, when users connect their wallets to it, asks them to approve via PERMIT2 transaction to steal their most valuable token,” a member of dYdX’s community team said on the project’s Discord server.
The largest venue of YdX v4 (which hosted last week $6 billion (in terms of trading volume) is not affected.
The issue was announced just after Bloomberg reported that dYdX v3 was up for sale, with interested buyers including major market maker Wintermute.
UPDATE (July 23, 2024, 4:29 p.m. UTC): Adds that funds on dYdX do not appear to be affected.