📣 dYdX Releases Report on July 23 DNS Attack
posted 26 Jul 2024
The attack was linked to a forced migration of domains from Google Domains to Squarespace.
On July 9, an attacker breached the administrator account of dydx.exchange on Squarespace through a vulnerability in the OAuth authentication mechanism. The security system detected the intrusion and blocked access to the compromised website. The dYdX team restored access and the necessary settings, and Squarespace later reported that the vulnerability had been fixed.
However, on July 23, the dydx.exchange domain suffered another attack. The hacker managed to change the administrator account's email to their own using Squarespace’s account recovery mechanism. They deceived hosting service staff using social engineering, disabled 2FA, and entered their own registration data, gaining control over the domain.
This time, the attacker redirected visitors to dydx.exchange to a phishing website that attempted to steal ETH and ERC20 tokens. According to dYdX's report, two users were affected, losing approximately $31,000. The effects of the attack were mitigated within a few hours.
On July 24, dYdX moved the domain registration from Squarespace to Cloudflare.
dYdX is now working on reimbursing the affected users for the lost funds.