Skip to content

dYdX Post-Mortem Reveals Two Users Lost $31K in DNS Hijack

dYdX's post-mortem revealed two users lost $31K, not much is known about the attacker

Table of Contents

A dYdX post-mortem has revealed that two users lost approximately $31,000 in its recent DNS (Domain Name System) hijack.

According to dYdX, on July 23, 2024, the "dYdX.exchange" domain was compromised when an attacker changed the DNS nameservers and removed the DNSSEC which is supposed to act as a layer of trust on top of the DNS by providing authentication.

Hackers Took Over dYdX Domain... ’Cos SquareSpace (Again)
dYdX’s website was another victim of Squarespace’s domain vulnerability

dYdX immediately contacted Squarespace’s customer support, who restored domain possession and fixed the DNS nameserver resolution within a few hours, despite a 30-minute delay due to third-party vendor maintenance.

Squarespace DNS Hack Exposes Hundreds of DeFi Projects to Drainer Attacks
Your DeFi future, compromised, brought to you by Squarespace.

During this delay, the attacker hosted a malicious site, requesting connected wallets to send ETH or any ERC20 token to the attacker's address. At the same time, dYdX worked with SEAL to blacklist the site from crypto wallets such as Metamask and Phantom.

Source: https://cointelegraph.com/news/dydx-v3-compromised-apparent-dns-attack

Unfortunately, two users lost their funds by interacting with the compromised site and dYdX is working with the victims to recover the funds.

"2 users were affected with approximately $31,000 in lost funds due to this attack. dYdX trading is in contact with both affected users and is assisting in securing their wallets and is committed to recovering funds," dYdX explained.

Although the identity of the attacker is unknown, they seem to be a fairly skilled actor. The postmortem analysis raises the potential of a social engineering attack because the perpetrator deliberately selected a human-believable email address.

Earlier this month, the decentralized finance (DeFi) ecosystem was rocked by a massive DNS hijacking incident that targeted multiple DeFi applications.

The attack, traced back to a vulnerability in Squarespace’s domain registry, compromised numerous DeFi platforms, including Compound Finance and Pendle Finance.

Latest

De-Dollarisation: More BRICS in the Wall

De-Dollarisation: More BRICS in the Wall

The BRICS nations, led by China and Russia, are accelerating efforts to reduce reliance on the US dollar in global trade and finance. Cryptocurrencies and blockchain technology are emerging as key tools in this de-dollarization push, even as BIS officials are considering nixing the mBridge project.