dYdX Releases Report on July 23 DNS Attack
The attack was linked to a forced migration of domains from Google Domains to Squarespace.
On July 9, an attacker breached the administrator account of dydx.exchange on Squarespace through a vulnerability in the OAuth authentication mechanism. The security system detected the intrusion and blocked access to the compromised website. The dYdX team restored access and necessary settings, and Squarespace later reported that the vulnerability had been fixed.
However, on July 23, the dydx.exchange domain suffered another attack. The hacker managed to change the administrator account's email to their own using Squarespace’s account recovery mechanism. They deceived hosting service staff using social engineering, disabled 2FA, and entered their own registration data, gaining control over the domain.
This time, the attacker redirected visitors to dydx.exchange to a phishing website that attempted to steal ETH and ERC20 tokens. According to dYdX's report, two users were affected, losing approximately $31,000. The effects of the attack were mitigated within a few hours.
On July 24, dYdX moved the domain registration from Squarespace to Cloudflare.
dYdX is now working on reimbursing the lost funds to the affected users.