dYdX Reveals Post-Mortem Findings: Identifies Attacker and Considers Legal Measures
The post-mortem findings of the dYdX attack carried out earlier in the week are now available.
According to an official statement from the team, it has been confirmed that the attacker obtained access to the “write-only secret key” associated with four of the dYdX’s cold wallets. This enabled the attacker to generate transactions and move most assets in these wallets out.
A thorough investigation of the attack details and timeline has been conducted and the team has identified the perpetrator of the attack. dYdX retains the rights to take appropriate legal action with respect to the attack.
In response to this event, dYdX has identified the Sandated Credentials, software, and processes that will further reduce the risk of such an attack re-occurring in the future. Moreover, it has taken preventive steps to prevent similar attacks from happening in the future, such as enhancing its risk surveillance and security processes, protecting the software dependencies and system code, and adding additional measures to its API. It is also continuing to investigate and reassess all risk factors and enhance its internal security.
The dYdX team is grateful for the ongoing support of users and remains committed to pursuing high standards of security both within the platform and surrounding the platform.