The website for crypto exchange dYdX’s version 3.0 has been “compromised,” according to a July 23 social media post from the exchange’s team. However, the team stated that version 4.0 on Cosmos has not been compromised and is functioning normally. Users are being warned that they should not “visit the website [for v3] or click any links until further notice.”
The user interface for dYdX v3 is located at dydx.exchange.
dYdX has confirmed that the app’s smart contracts have not been compromised. Only the user interface is affected, so funds currently deposited should not be at risk, and the site should not be used to attempt withdrawals.
Related: dYdX moves to Cosmos-based blockchain for v4 to optimize decentralization
Cointelegraph journalists attempted to connect to the compromised website with a test Ethereum account that held no balance. In response, the site produced an error stating, “Your wallet is not eligible. Something went wrong. Please try again with an active wallet.”
A similar error message was shown in a fake Collab.land phishing scam that a victim reported to Cointelegraph in February. This earlier scam appeared to check the user’s wallet balance once it was connected to the site. If the wallet did not have a balance, the user was told to try again with an “active wallet.” If the user then connected with a wallet that held funds, they were presented with a signature request. If they signed this request, their account was drained.
공격자가 dYdX 버전 3.0의 공식 도메인에 토큰을 탈취하는 프로그램을 설치한 것으로 보입니다.
발표 당시, 팀은 공격자가 앱의 도메인 이름을 어떻게 제어하게 되었는지에 대한 추가 세부 정보를 제공하지 않았습니다. 그러나 최근 Web3 프로토콜에 대한 도메인 이름 서비스(DNS) 탈취 시도가 흔해지고 있습니다. 7월 11일에는 Compound Finance와 Celer Network가 DNS 공격의 목표가 되었으며, 공격자는 Compound의 웹사이트를 악성 웹사이트로 리다이렉트하여 토큰을 탈취하려고 했습니다.
이는 진행 중인 사건이며, 추가 정보가 확보되는 대로 업데이트될 것입니다.
잡지: Crypto-Sec: Evolve Bank, 데이터 유출 피해; Turbo Toad 팬, 3,600달러 손실