DeFi
dYdX Website Compromised in Latest DNS Attack Targeting DeFi Protocols – DL News
- The front-end of dYdX’s website has been compromised.
- The project’s website suffered a “DNS hijack.”
- Several DeFi projects faced the same issue last week.
DeFi exchange dYdX is the latest DeFi project to have its website compromised.
DeFi Perpetual Swap Tuesday reported that its v3 protocol web interface was compromised and warned users not to use the site.
Meanwhile, dYdX is reportedly in talks to sell its v3 protocol software to a consortium of large cryptocurrency market makers.
The dYdX v3 software is the set of smart contracts that control v3 of the protocol; the front-end is the website that users can visit to trade.
DeFi savvy users can also interact directly with the v3 smart contract without visiting the front-end website. The “front-end” of a website is what users see when they visit a site.
DYdX has a newer version called v4 which works on its own blockchain network called dYdX Chain, making it a “DEX chain,” one of the first of its kind.
DYdX Chain Has $155 Million in User Deposits, DefiLlama data shows.
The protocol allows users to trade futures contracts of cryptocurrency pairs.
Join the community to receive our latest stories and updates
The dYdX v4 protocol exists in its own blockchain, making it a DEX chain.
DYdX did not provide further details on the nature of the issue affecting its website.
The protocol’s website was listed among the DeFi front-ends Previously reported be vulnerable to domain name service hacking.
When a website is “DNS hijacked,” users are redirected to a malicious website that can be used to steal their information.
DNS attacks
Last week, a wave of coordinated protests DNS attacks spread across DeFi, affecting the front-ends of projects including lender Compound, crypto bridge Celer Network, and yield protocol Pendle.
These attacks were related to SquareSpace’s handling of its domain registration. SquareSpace, a website builder, purchased some web domains from Google and migrated them to its service.
The migration process will disable multi-factor authentication for affected domain accounts. SquareSpace has already informed Domain owners must enable multi-factor authentication to ensure the security of their domains.
Software sales
Tuesday’s incident comes as reports emerged that dYdX is considering selling its DeFi exchange software.
According to Bloomberg, anonymous sources said dYdX developers are negotiating with major crypto market makers, including Wintermute and Selini Capital, to sell the dYdX v3 software.
Acquisitions are not common in DeFi because much of the crypto software library is open source.
This way, competitors can create their own copies of existing projects, called forks.
Some protocols like Uniswap have attempted to limit this practice by placing commercial source licenses on their work to prevent unauthorized imitators.
However, this practice is frowned upon in DeFi by critics who advocate open source development.
Osato Avan-Nomayo is our DeFi correspondent based in Nigeria. He covers DeFi and technology. To share tips or story insights, please contact him at osato@dlnews.com.