Malicious dYdX client packages were published to npm and PyPI after a maintainer compromise, enabling wallet credential theft and remote code executio...

Socket

Socket's Threat Research Team discovered a supply chain attack on dYdX protocol packages across npm and PyPI. Malicious versions of @dydxprotocol/v4-client-js and dydx-v4-client were published after maintainer compromise, containing credential theft malware that exfiltrates cryptocurrency wallet seed phrases and device fingerprints. The PyPI version additionally included a Remote Access Trojan enabling arbitrary code execution. The attack targeted developers building trading bots and DeFi applications, with the malicious infrastructure registered weeks before the compromise. This follows previous attacks on dYdX infrastructure in 2022 and 2024, demonstrating persistent targeting of cryptocurrency development tools.

Malicious dYdX Packages Published to npm and PyPI After Main...

Prior Security Incidents Affecting dYdX-Related Infrastructure #

PyPI Package: Credential Theft + Remote Access Trojan #