Table of Contents
dYdX was the latest victim of a DNS Hijack following a vulnerability in Squarespace’s domain registry. "dydx.exchange" domain was one of the notable domains at risk pointed out by Defilama contributor @0xngmi.
Earlier this month, the decentralized finance (DeFi) ecosystem was rocked by a massive domain name system (DNS) hijacking incident that targeted multiple DeFi applications.
The attack, traced back to a vulnerability in Squarespace’s domain registry, compromised numerous DeFi platforms, including Compound Finance and Pendle Finance.
Blockhead
On 23 July, dYdX faced a similar fate. After gaining control of the v3 domain (dydx.exchange), the attacker deployed a malicious smart contract in an attempt to steal users' tokens according to a community member in the discord server.
Thankfully, the team was able to retain control within four hours from when the hack was reported.
dYdX advised users to clear their cache and reboot their browsers before reconnecting to its website.
"Please note that your machine may still be caching the compromised site," dYdX warned.
https://t.co/Ym1dFLLOwx website has been recovered by dYdX Trading Inc. 🙏
— dYdX (@dYdX) July 23, 2024
Please note that your machine may still be caching the compromised site.
Make sure to clear your cache and restart your browser before connecting to the website.
Price reacted violently with dYdX dropping 8% with huge volume from the time of hack was announced. New of dYdX in the talks to sell the trading platform could have also contributed to the sell-off.
It is unclear how much was stolen or if any users lost money. However one thing is sure, this will unlikely be the last stemming from the SquareSpace domain vulnerability.
