Cyber: Compromised Dydx Npm And Pypi Packages Deliver Wallet Stealers And...
Cybersecurity researchers have discovered a new supply chain attack in which legitimate packages on npm and the Python Package Index (PyPI) repository have been compromised to push malicious versions to facilitate wallet credential theft and remote code execution.
The compromised versions of the two packages are listed below -
"The @dydxprotocol/v4-client-js (npm) and dydx-v4-client (PyPI) packages provide developers with tools to interact with the dYdX v4 protocol, including transaction signing, order placement, and wallet management," Socket security researcher Kush Pandya noted. "Applications using these packages handle sensitive cryptocurrency operations."
dYdX is a non-custodial, decentralized cryptocurrency exchange for trading margin and perpetual swaps, while allowing users to retain full control over their assets. On its website, the DeFi exchange says it has surpassed $1.5 trillion in cumulative trading volume.
While it's currently how these poisoned updates were pushed, it's suspected to be a case of developer account compromise, as the rogue versions were published using legitimate publishing credentials.
The changes introduced by the threat actors have been found to target both the JavaScript and Python ecosystems with different payloads. In the case of npm, the malicious code acts as a cryptocurrency wallet stealer that siphons seed phrases and device information. The Python package, on the other hand, also incorporates a remote access trojan (RAT) along with the wallet stealer functionality.
The RAT component, which is run as soon as the package is imported, contacts an external server ("dydx.priceoracle[.]site/py") to retrieve commands for subsequent execution on the host. On Windows systems, it makes use of the "CREATE_NO_WINDOW" flag to ensure that it's executed without a console window.
"The threat actor demonstrated detailed knowledge of the package internals, inserting malicious code into core registry files (registry.ts, registry.js, account.py) that would execute during normal package usage," Pandya said.
"The 100-iteration obfuscation in the PyPI version and the coordinated cross-ecosystem deployment suggest the threat actor had direct access to publishing infrastructure rather than exploiting a technical vulnerability in the registries themselves."
Following responsible disclosure on January 28, 2026, dYdX acknowledged the incident in a series of posts on X, and urged users who may have downloaded the compromised versions
Source: The Hacker News
