- Exchange developed enhanced v4 platform to alleviate future risks
- The attacker opened multiple 5x leveraged long positions for YFI/USD
- He used different addresses and hiked up YFI token price 215%
Decentralized exchange dYdX has identified the individual behind the attack against its v3 platform in November, Cointelegraph wrote. The exchange is considering taking legal action against them.
dYdX had to cover $9 million in user liquidations on Nov. 17. The money came from its insurance fund.
Preventive measures
The exchange has made improvements to its trading platform to augment open interest alerts and monitoring and avoid similar coordinated attacks in the future. Its enhanced v4 platform was developed specifically to alleviate such risks. One of its new features adjusts the initial margin fraction automatically when prices undergo abnormal changes.
The attack, postmortem
In inspecting the method of the attack, the exchange noticed that the attacker had opened multiple 5x leveraged long positions for the YFI/USD trading pair. He did this for more than 100 wallets. The perpetrator used different addresses to buy spot Yearn.finance (YFI) tokens, which hiked up the YFI token’s price 215%.
Then, the cybercriminal multiplied his unrealized profits by inputting further YFI/USD positions, up to around $50 million. dYdX increased the initial margin requirement and reduced the incremental and base position sizes in the YFI/USD market on Nov. 17 to contain the damage.
YFI token lost a third of its value in one day
The following day, the price of YFI had plummeted by almost 33%, leaving the attacker unable to close his positions. When his balance became negative, the exchange’s insurance fund automatically covered his losses.
Attacker made $5M from SUSHI/USD a week earlier
dYdX reported that the individual had made $5 million using the same strategy on SUSHI/USD a week before the YFI attack. This had no impact on the insurance fund because dYdX had raised the upfront margin requirement to 100%, stopping the criminal from profiting further.
The exchange clarified that the attacker did not profit from the YFI market and his actions had no effect on customer funds.