On September 23rd, 2022 at 6:14AM EST, we identified malicious versions published to a number of dYdX NPM packages that were quickly removed.
After our initial investigation, we stated the following:
1. All funds were SAFE
2. Our websites/apps were NOT compromised
3. The attack did NOT impact smart contracts
We have worked with an external forensics firm and confirmed our initial findings, and the post mortem is that (i) all funds are safe, (ii) our website/apps were not compromised, and (iii) the attack did not impact smart contracts. dYdX does not custody user funds, which are deposited directly by users to a smart contract on the blockchain.
To learn more about our plans and for the most recent updates regarding dYdX, join us on Discord and Twitter.
About dYdX
dYdX is the developer of a leading decentralized exchange on a mission to build open, secure, and powerful financial products. dYdX runs on audited smart contracts on Ethereum, which eliminates the need to trust a central exchange while trading. We combine the security and transparency of a decentralized exchange, with the speed and usability of a centralized exchange.