Decentralized exchange dYdX has used its insurance fund to cover losses amounting to $9 million resulting from a “targeted attack” against the exchange.
In a Saturday post on X (formerly Twitter), the dYdX team said that the v3 insurance fund was deployed “to address gaps in the liquidation process within the YFI market.”
“The v3 insurance fund remains well funded with $13.5m in funds remaining. No user funds were affected and our team is working to investigate the event,” they added.
Last night about $9m from the dYdX v3 insurance fund were used to fill gaps on liquidations processed in the YFI market. The v3 insurance fund remains well funded with $13.5m in funds remaining
No user funds were affected and our team is working to investigate the event
— dYdX (@dYdX) November 18, 2023
Likewise, dYdX founder Antonio Juliano confirmed the attack in a post on X, calling the event “pretty clearly a targeted attack against dYdX.”
The Yearn.Finance (YFI) token witnessed a 43% drop on November 17th after experiencing a remarkable surge of over 170% in the preceding weeks.
How Did dydx Hackers Pull the Attack?
The alleged attack specifically targeted long positions in YFI tokens on the exchange, resulting in the liquidation of positions worth nearly $38 million.
Juliano suspected that trading losses incurred by dYdX, along with the significant decline in YFI, were the result of market manipulation.
He further announced that a comprehensive review of risk parameters would be conducted, and appropriate modifications would be made to both v3 and potentially the dYdX Chain software if necessary.
As a first step against a future incident, dYdX increased margin requirements for “less liquid” markets including EOS, RUNE, AAVE, and others.
The profitable trade that triggered the attack wiped out over $300 million in market capitalization from the YFI token, raising suspicions within the community about a potential insider job in the YFI market.
Some users have claimed that 50% of the YFI token supply is held in 10 wallets controlled by developers.
However, data from Etherscan suggests that some of these holders are crypto exchange wallets rather than developer-controlled addresses.
The dydx hack comes as hacks and scams continue to plague the crypto industry.
According to a report by blockchain security platform Immunefi, there were 76 hacks on crypto and Web3 projects and firms in Q3 2023, a significant increase compared to the 30 hacks reported in the same period in 2022.
In total, approximately $332 million has been lost to various exploits, hacks, and scams throughout September, marking a record-high month for crypto exploits.
Earlier this month, DeFi platform Raft also suffered a hack resulting in the loss of approximately $3.3 million in Ethereum ( ETH).
Raft’s hack marked the second major crypto exploit on the same day. Earlier, an attacker drained approximately $114 million in digital assets from the centralized exchange Poloniex.