Decentralized cryptocurrency exchange giant dYdX said Tuesday that one of its on-chain trading services had been “compromised” and warned users not to visit dydx.exchange until instructed otherwise.
Specifically, the website of dYdX v3, a legacy trading platform with an average weekly derivatives trading volume of $1.5 billion, was “compromised,” according to a tweet.
According to statements made on dYdX’s Discord server, the attack does not appear to have affected funds already held by dYdX; only the website was targeted, not the underlying smart contracts.
We’ve just learned that https://t.co/EP4KSH5Nmw has been compromised.
Please do not visit the website or click on any links until further notice. An update will be provided when available.
This message does not apply to dYdX v4.
— dYdX (@dYdX) July 23, 2024
“The attacker hijacked the v3 domain (dydx.exchange) and when users connected their wallets to it, they created a fake website that asked them to give their consent via the PERMIT2 transaction in order to steal their most valuable tokens,” a member of dYdX’s community team explained on the project’s Discord server.
The larger dYdX v4 platform (which saw $6 billion in trading volume last week) was not affected.
The incident was disclosed shortly after Bloomberg reported that dYdX v3 was up for sale and had attracted interested buyers, including major market maker Wintermute.
UPDATE (July 23, 2024, 16:29 UTC): Funds on dYdX are reportedly unaffected.