DNS/CDN/frontend hash drift

dYdX v4 (dYdX Chain)'s assessment for RD-F-105 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.

Evidence summary #

T-09 phase-2 signal. dYdX suffered two DNS hijacking incidents on dydx.exchange (Jul 9 and Jul 23, 2024) before migrating to Cloudflare registrar and transitioning to dydx.xyz/dydx.trade. The v4 frontend uses IPFS with Cloudflare DNS and is open-source (github.com/dydxprotocol/v4-web). The Jan 2026 supply-chain attack used typosquatted subdomain dydx.priceoracle.site (not a DNS hijack of dydx.xyz). No current unscheduled DNS drift on dydx.xyz/dydx.trade detected from available sources as of 2026-05-17. Yellow: persistent adversarial interest in dYdX frontend distribution channels; live T-09 phase-2 monitoring is not yet wired up; historical DNS attack pattern demonstrates real attack surface.

Sources #

URL
DNS Nameserver Hijacking PostmortemdYdX DNS nameserver hijacking postmortem — July 2024 incidentsretrieved 2026-05-17
URL
v4 Deep Dive: Front EnddYdX v4 frontend deep dive — IPFS and Cloudflare deployment architectureretrieved 2026-05-17

Methodology #

Detect whether the hash of production frontend JS changes versus the prior published hash, or a DNS config change is detected.

See the full factor methodology and distribution across all protocols →

rubric_version v1.7.0 protocol dydx-v4 factor RD-F-105 score yellow collected_at 2026-05-17 09:58:47