Decentralized crypto-exchange dYdX announced that its website for on-chain trading service on dYdX v3 has been compromised, urging users to avoid visiting the dydx.exchange site until further notice.
According to a tweet from dYdX, the attack targets the web domain but not the underlying smart contracts, meaning users’ funds remain secure. The breach affects the website for dYdX v3, an older version of the trading platform that handles around $1.5 billion in weekly derivatives trading volume.
In dYdX’s Discord server, a community team member explained that the attacker had taken over the v3 domain and deployed a counterfeit website. This fake site prompts users to connect their wallets and approve a PERMIT2 transaction, allowing the attacker to steal valuable tokens.
The vulnerability does not impact the more modern dYdX v4 platform, which last week saw $6 billion in trading activity. Shortly after Bloomberg revealed that dYdX v3 was for sale and that notable market maker Wintermute was among the possible bidders, the problem was made public.
This circumstance emphasizes how consumers should proceed with caution and confirm the legitimacy of websites before engaging with them, particularly when it comes to bitcoin exchanges. dYdX is tackling the problem head-on and making strides to safeguard its network.
Also Read: dYdX Launches Version 5.0.0 with Isolated Markets and LP Vaults
