At 05:21 UTC today the dYdX team was alerted of a security issue with a recently deployed smart contract.
❗If you have set allowance to deposit to trade.dydx.exchange since Wednesday 11/24 read on for important recovery information❗
If you have not set allowance to deposit since Wednesday, you are unaffected.
NO FUNDS WERE LOST AND ALL FUNDS ARE SAFE 🔒
A white hat recovery of potentially vulnerable funds was executed in partnership with samczsun and the dYdX team, and all potentially vulnerable funds were saved. 700 accounts and ~$2.5M were affected, and a full list of affected accounts can be found here: XX
If you have set allowance to deposit funds to trade.dydx.exchange since Wednesday 11/24:
Your funds are safe.
DO NOT SEND ADDITIONAL FUNDS TO YOUR WALLET UNTIL COMPLETING THE RECOVERY STEPS at trade.dydx.exchange.
Your affected funds (if any), even those that have not been deposited to dYdX, have been moved to an escrow smart contract as part of the white hat recovery. Only your wallet has authorization to withdraw your funds from the contract
Go to trade.dydx.exchange to complete the recovery process. This will involve unsetting your allowance on the vulnerable smart contract, and then recovering your funds back to your wallet.
Once you have completed the recovery steps at trade.dydx.exchange, your wallet is safe and can be used again ✅
A longer message with more information will follow shortly once affected accounts have had a chance to recover. In the meantime deposits in non-USDC assets and gasless deposits have been disabled.
A full incident report will be released soon after that.
You can read more about our authors here.