A whole host of crypto npm packages have been compromised


A number of npm packages published by a major cryptocurrency exchange have been compromised and updated to carry malicious code
Decentralized cryptocurrency exchange (DEX) dydX tweeted its discovery of the compromise, and how it was acting to remedy the problem.
“At 6:14AM EST, we identified malicious versions published to a number of dYdX NPM packages that were quickly removed,” its tweet (opens in new tab) read. “All funds are SAFE, our websites/apps have NOT been compromised, the attack did NOT impact smart contracts.”
Multiple packages spreading infostealers
Further explaining how user funds aren’t compromised, the company said: “Reminder that dYdX does not have custody of user funds, which are deposited directly to a smart contract on the blockchain.”
Cybersecurity researcher Maciej Mensfeld of security firm Mend and Difend.io, found that some packages contained code that would run information stealing malware when run. He found three packages that were hijacked to be used in identity theft (opens in new tab) attacks.
- @dydxprotocol/solo – versions 0.41.1, 0.41.2
@dydxprotocol/perpetual – versions 1.2.2, 1.2.3
Allegedly, the package ‘@dydxprotocol/node-service-base-dev’ was also compromised, but that one has since been pulled from the platform.
The packages are described as “Ethereum Smart Contracts and TypeScript library used for the dYdX Solo Trading Protocol.” The solo package, the publication found, is used by at least 44 GitHub repositories, being built by “multiple crypto platforms.”
Apparently, this is not the first time threat actors were trying to smuggle this identical malicious code into various packages. In fact, BleepingComputer claims to have seen code “strikingly identical” to this one in the malicious “PyGrata” Python packages that were stealing Amazon Web Services (AWS) credentials, environment variables, as well as SSH keys.
Code repositories are often the targets of malicious actors who sometimes build malicious versions of popular repositories and give them similar names, in hopes of overworked/reckless developers unknowingly picking the wrong one.
Via: BleepingComputer (opens in new tab)
Audio player loading… A number of npm packages published by a major cryptocurrency exchange have been compromised and updated to carry malicious code Decentralized cryptocurrency exchange (DEX) dydX tweeted its discovery of the compromise, and how it was acting to remedy the problem. “At 6:14AM EST, we identified malicious versions…
Recent Posts
- Hackers could one day use novel visual techniques to manipulate what AI sees – RisingAttacK impacts ‘most widely used AI computer vision systems’
- Trump’s next tariffs will target South Korea and Japan
- Bluesky can really keep up with the news now that it has activity notifications
- Bluesky is finally adding more ways to filter notifications
- NYT Strands hints and answers for Tuesday, July 8 (game #492)
Archives
- July 2025
- June 2025
- May 2025
- April 2025
- March 2025
- February 2025
- January 2025
- December 2024
- November 2024
- October 2024
- September 2024
- August 2024
- July 2024
- June 2024
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022