dYdX Exchange Releases Postmortem on $31K Squarespace Account Hack Lost

cryptonews.com:

dYdX, a prominent crypto exchange, announced on July 23 that its version 3.0 website had been compromised.

Users have been advised to avoid visiting the version 3.0 site or clicking any links until further notice. However, the team assured users that version 4.0 remains unaffected and is functioning normally.

dYdX has released a detailed postmortem on the Squarespace account hack, outlining the events and their responses. The exchange has decided to change domain registrars and continues to work with SEAL and other partners to prevent future incidents.

The domain registrar for https://t.co/Ym1dFLMmm5 (previously Squarespace) has confirmed that on July 23rd, dYdX Trading’s Squarespace account was accessed by unauthorized individuals after they successfully social-engineered Squarespace customer support.

— dYdX (@dYdX) July 25, 2024

According to the postmortem, the breach occurred after unauthorized individuals accessed dYdX Trading’s Squarespace account through a social engineering attack on Squarespace customer support.

During the two-hour hijacking of the exchange domain , two users lost funds totaling approximately $31,000. dYdX Trading is in contact with the affected users to ensure they are compensated.

In 2023, Squarespace acquired all domains from the now-defunct Google Domains, migrating them over several months. The dydx.exchange domain, owned by dYdX Trading, was moved to Squarespace on June 15, 2024.

On July 9, attackers gained access to the dydx.exchange domain and modified the DNS nameservers from Cloudflare to DDoS-Guard.

This initial attack was mitigated by DNSSEC settings, which prevented users from accessing the compromised site. DYdX quickly resolved the issue through password and two-factor