Decentralized crypto-exchange giant dYdX said Tuesday that one of its on-chain trading services has been "compromised" and warned users against visiting dydx.exchange until further notice.
Specifically, the website for dYdX v3, an older version of its trading platform that averages around $1.5 billion in weekly derivatives trading volume, "has been compromised," per a tweet.
The attack does not appear to impact funds traders already have on dYdX, as only the web domain, and not the underlying smart contracts, appear to be being targeted, according to statements in dYdX's Discord server.
We just learned that https://t.co/EP4KSH5Nmw has been compromised.Please do not visit the website or clink any links until further notice. An update will be provided when available.This message does not relate to dYdX v4.
— dYdX (@dYdX) July 23, 2024
"The attacker has taken over the v3 domain (dydx.exchange), and deployed a copy-cat website that when users connect their wallets to it, it asks them to approve via PERMIT2 transaction to steal their most valuable token," a member of dYdX's community team said in the project's Discord server.
The larger dYdX v4 venue (which last week saw $6 billion in trading volume) is unaffected.
The problem was announced just after Bloomberg reported dYdX v3 is up for sale, with interested buyers including major market maker Wintermute.
UPDATE (July 23, 2024, 16:29 UTC): Adds that funds on dYdX do not appear to be affected.