The decentralized cryptocurrency exchange dYdX announced that one of its on-chain trading services had been compromised after an attacker installed a credential-stealing program on the official website of dYdX v3.
Reports of the issue with the dYdX v3 domain surfaced after it was announced to be up for sale.
dYdX v3 at Risk
According to dYdX, the attack did not compromise or affect the funds already held by traders on dYdX, because it targeted only the web domain, not the underlying smart contracts on the platform. dYdX urged users not to visit the domain or click on suspicious links and clarified that dYdX v4 was neither affected nor compromised.
“We have just learned that the dYdX Exchange has been compromised. Please refrain from visiting the website and clicking on links until further notice. Updates will be provided when available. This message does not relate to dYdX v4.”
In a separate announcement on Discord, dYdX stated that the attacker had taken over the v3 domain and developed a copy-cat website. When users connected their wallets to the website, they were asked to approve a PERMIT2 transaction intended to steal their credentials.
“The attacker has taken over the v3 domain and developed a copy-cat website that asks users to approve a PERMIT2 transaction to steal their most valuable credential when they connect their wallets to it.”
dYdX also confirmed that the smart contracts were not breached; only the user interface was affected. This means that any funds deposited on the platform were not at risk. However, it cautioned against using the website for withdrawals or otherwise interacting with it.
“The smart contracts on dYdX v3 are secure and not compromised. Do not attempt to withdraw funds or interact with the website until further updates.”
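The PERMIT2 approval prompt described above can be triaged on the wallet side before the user signs. The following is an added example, not code from dYdX or the original article; it assumes "PERMIT2" refers to Uniswap Permit2 EIP-712 messages, and the allowlist, the 30-day threshold and all addresses are hypothetical or constructed.

```javascript
// Added example. Assumption: "PERMIT2" refers to Uniswap Permit2 EIP-712 messages.
const PERMIT2_TYPES = new Set([
  "PermitSingle", "PermitBatch", "PermitTransferFrom", "PermitBatchTransferFrom",
]);
const MAX_UINT160 = (1n << 160n) - 1n; // allowance-style permits
const MAX_UINT256 = (1n << 256n) - 1n; // signature-transfer permits
const MAX_LIFETIME_SEC = 30 * 86400;   // hypothetical policy threshold

// Hypothetical allowlist of spender contracts the user already trusts.
const TRUSTED_SPENDERS = new Set(["0x1111111111111111111111111111111111111111"]);

// PermitSingle/PermitBatch carry `details`; transfer variants carry `permitted`.
function tokenGrants(msg) {
  const raw = msg.details ?? msg.permitted ?? [];
  return Array.isArray(raw) ? raw : [raw];
}

// Returns human-readable warnings for one eth_signTypedData_v4 payload.
function reviewSignRequest(typedData, nowSec) {
  const findings = [];
  if (typedData.domain?.name !== "Permit2" ||
      !PERMIT2_TYPES.has(typedData.primaryType)) return findings;
  const msg = typedData.message;
  const spender = String(msg.spender).toLowerCase();
  if (!TRUSTED_SPENDERS.has(spender)) findings.push(`untrusted spender ${spender}`);
  for (const g of tokenGrants(msg)) {
    const amount = BigInt(g.amount);
    if (amount === MAX_UINT160 || amount === MAX_UINT256)
      findings.push(`unlimited allowance on ${g.token}`);
    if (g.expiration !== undefined && Number(g.expiration) - nowSec > MAX_LIFETIME_SEC)
      findings.push(`allowance on ${g.token} outlives ${MAX_LIFETIME_SEC} s`);
  }
  return findings;
}

// Constructed sample request (addresses are placeholders, not real contracts).
const NOW = 1700000000;
const SAMPLE_REQUEST = {
  domain: { name: "Permit2", chainId: 1 },
  primaryType: "PermitSingle",
  message: {
    details: { token: "0x2222222222222222222222222222222222222222",
               amount: "0x" + "f".repeat(40), expiration: NOW + 365 * 86400, nonce: 0 },
    spender: "0x3333333333333333333333333333333333333333",
    sigDeadline: NOW + 600,
  },
};
console.log(reviewSignRequest(SAMPLE_REQUEST, NOW));
```

A signature like the sample moves no funds by itself, which is why intact smart contracts offer no protection once the user has signed.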
Problem Arises as dYdX v3 Is Offered for Sale
dYdX discovered the issue immediately after reports that dYdX v3 was up for sale, with several interested buyers, including Wintermute. In a post on X, dYdX announced that it is exploring alternative strategies related to v3.
“dYdX Trading is exploring alternative strategies related to the v3 technology, which does not include Ethereum smart contracts or any technology governed by the confidential auxiliary program.”
Similarity to Past Fraud
The current attack on the dYdX v3 website is similar to a phishing scam involving Collabland. In that scam, a user's wallet balance was checked as soon as they connected it to the website. If the wallet did not contain any money, the user was prompted to try again with an active wallet. If the wallet contained funds, the user was presented with a signature request. If the user signed this request, the hacker drained the account.
There are no details on how the attacker gained access to and control of the domain name. However, DNS hijacking attempts targeting Web3 protocols have become quite common lately. Recently, Compound Finance and Celer Network were targeted, with the attacker redirecting users to a malicious website.