VERDICT —OUT OF SCOPE
Root cause is infrastructure (DNS / cloud / database / third-party API) compromise, not on-chain contract logic. Pre-deployment source review would not surface this; coverage lives in cloud-security + supply-chain audit, separate discipline.
▰ METHOD
INFRASTRUCTURE
INFRASTRUCTURE
Root cause
Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
Forensic narrative
On July 23, the dydx.exchange domain was discovered to have been compromised. The attacker changed the DNS Nameservers from Cloudflare to DDoS-Guard. The attacker also successfully removed the DNSSEC settings on the domain. The attacker hosted a malicious site which requested that any connected wallets transfer ETH and other ERC20 tokens to the attacker’s Ethereum address. Two users were affected, resulting in a loss of approximately $31,000. Attack method (per SlowMist): DNS Attack. Reported loss: $ 31,000.
Sourced from
slowmist
Technical record
- chain
- ethereum
- protocol
- dYdX
- bug_class
- infrastructure
- date_occurred
- 2024-07-23
- loss_usd
- $31,000
- source_id
- sm:dydx::2024-07-23
Related — same bug class· infrastructure