dYdX v3 Compromised In Suspected DNS Attack

Decentralized cryptocurrency exchange dYdX announced that one of its on-chain trading services had been compromised after an attacker installed a token-draining program on dYdX v3’s official website. 

Reports of the problem on the dYdX v3 domain emerged after it was announced that it was up for sale. 

dYdX v3 Compromised 

According to dYdX, the attack has not compromised or impacted any funds traders already have on dYdX. This is because only the web domain was targeted, not the underlying smart contracts on the platform. dYdX urged users not to visit the domain or click suspicious links and clarified that dYdX v4 was not impacted or compromised. 

“We just learned that dYdX Exchange has been compromised. Please do not visit the website or click any links until further notice. An update will be provided when available. This message does not relate to dYdX v4.”

In a separate announcement on Discord, dYdX stated that the attacker had taken over the v3 domain and deployed a copy-cat website. When users connected their wallets to the website, it asked them to approve a PERMIT2 transaction to steal their tokens. 

“The attacker has taken over the v3 domain and deployed a copy-cat website that asks users to approve via PERMIT2 transaction to steal their most valuable token when they connect their wallets to it.”

dYdX also confirmed that smart contracts were not compromised. Only the user interface was impacted. This means any funds deposited on the platform were not at risk. However, it did warn that the website should not be used for withdrawals or for users to attempt to interact with it. 

“The smart contracts on dYdX v3 are safe and are not compromised. Do not attempt to withdraw any funds or interact with the website until further update.”

Problem Occurs As dYdX v3 Put Up For Sale

dYdX discovered the issue just after reports that dYdX v3 was up for sale, with several buyers showing interest. The list of interested parties also includes Wintermute. In a post on X, dYdX announced it was exploring strategic alternatives related to v3. 

“dYdX Trading is exploring strategic alternatives related to the v3 technology, which does not include the Ethereum smart contract or other technology governed by the utility token.”

Familiarities With Earlier Scam 

The current attack on the dYdX v3 website is similar to a phishing scam involving Collabland. In this scam, a user’s wallet balance was checked once they connected it to the website. If the wallet did not contain any funds, users were urged to try again with an active wallet. If a user connected a wallet containing funds, they were prompted by a signature request. If the user signed this request, the hacker drained the account.

There are no details about how the attacker gained access to and control of the domain name. However, DNS hijacking attempts targeting Web3 protocols have become quite common in recent times. Compound Finance and Celer Network were recently targeted, with the attacker redirecting users to a malicious website.

Disclaimer: This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice