Security Breach at dYdX: Users Warned Against Visiting Compromised Site

Security Breach at dYdX: Users Advised to Stay Cautious

In a significant development, decentralized crypto-exchange titan dYdX announced on Tuesday that one of its on-chain trading services has been “compromised.” The exchange has issued a warning to users, urging them not to visit dydx.exchange until further notice.

The issue specifically pertains to dYdX v3, an older iteration of its trading platform that typically handles an impressive average of $1.5 billion in weekly derivatives trading volume. According to a tweet from the company, “the website for dYdX v3 has been compromised.”

Initial assessments indicate that the attack does not impact the funds that traders currently hold on dYdX. It appears that only the web domain is under threat, rather than the underlying smart contracts, as noted in the discussions on dYdX’s Discord server.

A community team member shared insights, stating, “The attacker has seized control of the v3 domain (dydx.exchange) and has deployed a fraudulent copy of the website. This counterfeit site prompts users to connect their wallets, requesting approval through a PERMIT2 transaction—which is designed to steal their most valuable tokens.”

Importantly, the larger dYdX v4 platform remains unaffected by this breach. Just last week, dYdX v4 recorded a staggering trading volume of $6 billion.

This alarming incident was brought to light shortly after a report from Bloomberg indicated that dYdX v3 is currently on the market, with notable buyers such as major market maker Wintermute expressing interest.

UPDATE (July 23, 2024, 16:29 UTC): The latest information confirms that funds on dYdX do not appear to be compromised in this incident.