- dYdX affirms the v4 platform is unaffected by the DNS hijack.
- The native token dYdX fell over 10% following the website compromise.
The dreadful hack of July that shook the entire crypto community was WazirX’s $230 million attack. Besides this, there was a minor breach staged. On July 23, dYdX, an Ethereum decentralized exchange (DEX), encountered a DNS hijack.
What actually happened? How quickly did the platform recover? Who was affected, and what was the amount of funds lost? Let’s dive in to know it briefly.
dYdX’s Analysis on The DNS Attack
The DNS hijack occurred after unauthorized individual access to dYdX Trading’s domain — “dydx.exchange” —through a social engineering attack on its Squarespace customer support. Reportedly, the attacker hosted a “malicious site” making users transfer ETH and ERC-20 tokens when connecting wallets. The security breach has no significant monetary loss. However, two users ended up losing $31K during the attack.
Furthermore, the attacker had set a new domain admin email to an address ending in outlook.com. All other admin accounts had been removed by the attacker. Also, the attacker’s email address has a username similar to the legal name of the billing administrator on dYdX’s Squarespace account. This hinted at the possibility of a social engineering attack since the attacker chose a human-believable email address.
The team clarified that the hack affected only the version 3.0 website’s interface and assured the safety of its version 4.0 platform. Also, dYdX Chain remained unaffected.
On the official blog, dYdX stated:
“For clarity, no security issues with smart contracts, backend systems, or other company-associated accounts were found as a result of either incident. No issues with dYdX Chain were created by either incident.”
How Did dYdX Recover?
Within hours, the exchange announced its recovery of the website and invited users to resume using the app. According to dYdX’s research analysis on the Squarespace domain hack, the exchange has decided to change domain registrars.
The recovery process was delayed for over 30 minutes due to maintenance from Squarespace’s third-party vendor, which prevented changing the DNS nameservers back to Cloudflare. To safeguard users, dYdX worked with SEAL and crypto wallets such as Metamask and Phantom to block the site for the duration of the attack.
The DEX’s native token DYDX fell over 10% following the website compromise, hitting a low of $1.18. However, after the exchange recovered and reassured users of their safety, the token reached $1.29, noting a spike of 0.58% in the last 24 hours.
The community reacts in a way that in recent days, crypto hacks are not a secluded incident. dYdX responded quickly to the security breach. Moreover, the DNS hacks remind the need for sturdy measures against such attacks.
Highlighted Crypto News