Exploring dYdX Price Manipulation

This article is jointly published by X-explore and WuBlockchain.

On 18 Nov 2023, about $9m from the dYdX v3 insurance fund were used to fill gaps on liquidations processed in the YFI market, and the CEO said this was pretty clearly a targeted market manipulation attack against dYdX.

We do an exploring of dYdX price manipulation in $YFI.

From this article, readers will know:

Based on chain info, how the hacker gets the profit in dYdX about YFI price manipulation.
The total profit of this hacker.
The on-chain trace and de-anonymize of the hacker.

1. The process of hacker in dYdX

l2beat shows the detail of balance of the address in dYdX. We take 0x779c313c968aA36fb696DAcca674Dc757c8BB4C2 as an example. This address earns 750% profit before busted trade.

dYdX Explorer

Balance changes of user 0x02d67dfaba1d195c0cbbda8ce051922d23ac7adbbb90a4cb3be667708a200556

https://explorer.dydx.exchange

First, deposit 35,000 USDC to dYdX at 2023-11-07 23:35:23.
And then, open 49.67 YFI-USDC contract at the price of 6,199U. The cost is 302,865U and the leverage is 8.6X at 2023-11-09 00:39:11.
Then, between 2023-11-11 04:46:23 and 2023-11-17 14:32:35, with the increase of the YFI price, the hacker withdrew the unrealized profit 6 times and 271,602 USDC. The total profit is 236,602 USDC.
Finally, at 2023-11-18 10:40:47, the address is bust trade after the huge decrease in price. The balance of YFI and USDC is to the zero. It is worth mentioning that at the time of brute force, the on-site price of dYdX was approximately 9,000U, and the forced liquidation price was 11,400U. So the dYdX insurance fund lost a lot.

We also want to find the evidence to show the price manipulation in the dex as this hacker did at the beginning of Nov, 2023 like this twitter https://twitter.com/lookonchain/status/1719403866146656447.

However, we cannot find any suspicious transaction or address. We guess that this price manipulation in YFI is only in the dYdX because the open interest of dYdX is positively related to the price. Just a guess.

2. Hacker Profit

The hacker has 129 addresses and we can calculate the profit according to sum the inflow and outflow between these addresses and dYdX fund address.

Here is an overall screenshot of the hacker addresses. The hacker earns 12.75M in the dYdX and the 5.55M is from YFI and the other is from Sushi.

3. Hacker Anonymization

The profit in the above addresses in part2 deposited to Huobi Exchange via two combined addresses. We do a cross exchange fund trace and find a suspicious address related to the hacker and part of the fund to this address 0x8Af700bA841f30e0a3Fcb0EE4C4A9D223E1eFA05. This address is a frequently used address and has connections with Binance and Bitget.

In addition, we can also see on the chain that this suspicious address and the hacker address are basically exactly the same at the time when they purchased sDAI and manipulated the price of Sushi on DEX.

For more, please follow x-explore.

Mirror: https://mirror.xyz/x-explore.eth

Twitter: https://twitter.com/x_explore_eth