Malicious packages for dYdX cryptocurrency exchange empties user wallets

Incident is at least the third time the exchange has been targeted by thieves.

Feb 7, 2026 0 0

Malicious packages for dYdX cryptocurrency exchange empties user wallets

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, researchers said.

“Every application using the compromised npm versions is at risk ….” the researchers, from security firm Socket, said Friday. “Direct impact includes complete wallet compromise and irreversible cryptocurrency theft. The attack scope includes all applications depending on the compromised versions and both developers testing with real credentials and production end-users."

Packages that were infected were:

Read full article

Comments

Like 0

Dislike 0

Love 0

Funny 0

Angry 0

Sad 0

Wow 0

myhere

This blog is my little corner of the internet where I write about what inspires me, challenges me, or simply catches my curiosity. I don’t claim to have all the answers, but I love asking questions, exploring new perspectives, and learning along the way.