HeadlinesBriefing.com

dYdX Crypto Exchange Users Targeted in Wallet-Draining Malware Attack

Ars Technica - All content

Researchers have discovered malicious packages on npm and PyPI repositories targeting users of the dYdX cryptocurrency exchange. These compromised packages, including `@dydxprotocol/v4-client-js` and `dydx-v4-client`, contained code designed to steal wallet credentials. The attack scope includes applications using these packages, impacting both developers and end-users.

This attack resulted in complete wallet compromise and irreversible cryptocurrency theft. The malware exfiltrated sensitive information like seed phrases and device fingerprints. The attackers used typosquatting to create a domain mimicking dYdX services to receive stolen data. The PyPI package also included a remote access Trojan, allowing further malicious activity.

The compromised packages, published through official dYdX accounts, indicate a supply chain attack. The RAT enabled attackers to execute code, steal data, and create backdoors. This is the third attack against dYdX, following a 2022 npm compromise and a 2024 DNS hijacking. Users should carefully review their dependencies.
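One way to start that dependency review, as an added example (not code from the article or from dYdX): a Python script that finds every direct or transitive copy of the two named packages in an npm `package-lock.json` and in a `requirements.txt` or `pip freeze` listing. The article gives no affected version numbers, so the script reports whatever version is pinned for comparison against the vendor advisory; the function names and sample inputs are constructed for illustration.

```python
import json
import re

# Package names as given in the article. Affected versions are not listed
# there, so every match is reported for manual comparison with the advisory.
NPM_NAME = "@dydxprotocol/v4-client-js"
PYPI_NAME = "dydx-v4-client"

def scan_npm_lock(lock: dict) -> list[tuple[str, str]]:
    """Return (location, version) for every copy of NPM_NAME in a package-lock."""
    hits = []
    # lockfileVersion 2/3: flat "packages" map keyed by install path.
    for path, meta in lock.get("packages", {}).items():
        if path.rpartition("node_modules/")[2] == NPM_NAME:
            hits.append((path, meta.get("version", "?")))

    # lockfileVersion 1: nested "dependencies" tree, walked recursively.
    def walk(deps, trail):
        for name, meta in deps.items():
            here = f"{trail}/{name}" if trail else name
            if name == NPM_NAME:
                hits.append((here, meta.get("version", "?")))
            walk(meta.get("dependencies", {}), here)

    if "packages" not in lock:  # v2 files carry both maps; avoid double counting
        walk(lock.get("dependencies", {}), "")
    return hits

def scan_requirements(text: str) -> list[tuple[int, str]]:
    """Return (line_number, specifier) for PYPI_NAME in requirements/pip-freeze text."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"([A-Za-z0-9][A-Za-z0-9._-]*)\s*(\[.*?\])?\s*(.*)", line)
        # PEP 503 normalisation: case-insensitive, runs of -_. are equivalent.
        if m and re.sub(r"[-_.]+", "-", m.group(1)).lower() == PYPI_NAME:
            hits.append((n, m.group(3) or "(unpinned)"))
    return hits

# Constructed sample inputs (versions are placeholders, not real releases).
SAMPLE_LOCK = json.loads("""{"lockfileVersion": 3, "packages": {
  "": {"name": "demo"},
  "node_modules/bot/node_modules/@dydxprotocol/v4-client-js": {"version": "0.0.0-example"},
  "node_modules/left-pad": {"version": "1.3.0"}}}""")
SAMPLE_REQS = "requests==2.0.0\nDydx_V4.Client==0.0.0  # constructed\n-r extra.txt\n"

if __name__ == "__main__":
    print(scan_npm_lock(SAMPLE_LOCK), scan_requirements(SAMPLE_REQS))
```

A hit only shows that the package is present; whether the pinned version is one of the malicious releases has to be checked against the version list in the vendor or registry advisory.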

This incident highlights the ongoing risks in the crypto space. Supply chain attacks and phishing attempts are common threats. It underscores the importance of verifying package authenticity and using strong security practices. Expect to see dYdX and other exchanges take steps to improve security and prevent future attacks on user funds and data.