Decentralized crypto-exchange giant dYdX said Tuesday that one of its on-chain trading services has been “compromised” and warned users against visiting dydx.exchange until further notice.
Specifically, the website for dYdX v3, an older version of its trading platform that averages around $1.5 billion in weekly derivatives trading volume, “has been compromised,” per a tweet.
The attack does not appear to impact funds traders already have on dYdX, as only the web domain, and not the underlying smart contracts, appear to be being targeted, according to statements in dYdX’s Discord server.
“The attacker has taken over the v3 domain (dydx.exchange), and deployed a copy-cat website that when users connect their wallets to it, it asks them to approve via PERMIT2 transaction to steal their most valuable token,” a member of dYdX’s community team said in the project’s Discord server.
The larger dYdX v4 venue (which last week saw $6 billion in trading volume) is unaffected.
The problem was announced just after Bloomberg reported dYdX v3 is up for sale, with interested buyers including major market maker Wintermute.
UPDATE (July 23, 2024, 16:29 UTC): Adds that funds on dYdX do not appear to be affected.