Malicious packages steal dYdX wallet credentials

Open source packages on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, researchers said. “Every application using the compromised npm versions is at risk …." the researchers, from security firm Socket, said Friday.

Direct impact includes complete wallet compromise and irreversible cryptocurrency theft. The attack scope includes all applications depending on the compromised versions and both developers testing with real credentials and production end-users. Packages that were infected were: npm (@dydxprotocol/v4-client-js): 3.4.1 1.22.1 1.15.2 1.0.31 PyPI (dydx-v4-client): 1.1.5post1 dYdX is a decentralized derivatives exchange that supports hundreds of markets for “perpetual trading,” or the use of cryptocurrency to bet that the value of a derivative future will rise or fall.

dydx, npm, pypi, wallet credentials, malicious packages, socket, backdoor, cryptocurrency theft, decentralized derivatives, perpetual trading