Prior exploit count

dYdX v4 (dYdX Chain)'s assessment for RD-F-077 — scored green on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

Zero confirmed on-chain contract exploits on dYdX v4 in ~19 months of live operation. Two chain-halt incidents (Apr 2024, Oct 2025) were operational bugs (failsafe activations), not attacker-driven contract exploits. The Oct 2025 incident resulted in ~$462K losses from stale-oracle trades on resumption — classified as protocol-level execution error, not a smart-contract exploit. The Feb 2026 SDK supply-chain compromise did not affect on-chain protocol funds (Go chain binary confirmed unaffected). The v3 YFI incident (Nov 2023) is on dYdX v3 StarkEx L2 on Ethereum and is fully excluded from v4 Cat 5 scoring. Hacks DB entry dydx.md explicitly labels the protocol as dYdX v3 and the event as pre-v4 full-production launch.

Sources #

URL
October 2025: dYdX Chain Incident Review & Community UpdateOct 2025 dYdX Chain incident review (no exploit — chain halt)retrieved 2026-05-17
URL
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT MalwareFeb 2026 supply-chain — on-chain binary unaffectedretrieved 2026-05-17
Internal
dYdX hack report (v3 StarkEx L2 incident)Hacks DB dydx.md (v3 only — excluded from v4 scoring)retrieved 2026-05-17

Methodology #

Count the number of distinct incidents in the hack database affecting this protocol.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dydx-v4 factor RD-F-077 score green collected_at 2026-05-17 09:58:47