Enter Your Information Below To Receive Free Trading Ideas, Latest News And Articles.
Your information is secure and your privacy is protected. By opting in you agree to receive emails from us. Remember that you can opt-out any time, we hate spam too!
On August 9th 2020, a malicious actor launched a targeted attack on two DeFi projects, YFI Token and dYdX, resulting in the theft of over $9 million worth of cryptocurrencies. This attack exploited a security vulnerability which allowed the bad actor to exploit a smart contract, allowing them to mint (create) an unlimited number of YFI Tokens and create a large number of fake orders on dYdX, manipulating the market prices of certain assets.
The vulnerability was created by a bug in the code of the dYdX smart contract, which had been recently updated but not thoroughly tested. This bug allowed the malicious actor to use the smart contract to mint and claim YFI tokens while creating thousands of fake trades on dYdX using funds from the dYdX accounts.
The attackers took advantage of the vulnerability to send YFI tokens to external addresses, and then used the fake orders on dYdX to pump the prices of a few assets on the platform. This allowed them to artificially inflate the prices of certain assets and then quickly dump them for a profit.
The attack was quickly shut down after the DeFi community noticed what was happening and alerted the developers, who stopped the malicious actor from continuing the attack. The security vulnerability was then patched, and the dYdX team suspended all trading for a 24-hour period while they reviewed their platform security protocols.
The developers have provided a detailed report of the incident and are in the process of assessing and compensating all of their users for their losses. They are also working with the appropriate law enforcement agencies to ensure that the malicious actor is brought to justice.