In a sophisticated supply chain attack that highlights the persistent vulnerabilities in open-source package repositories, cybersecurity researchers have discovered that legitimate packages on npm and the Python Package Index (PyPI) repository were compromised to distribute malicious versions designed to steal cryptocurrency wallet credentials and enable remote code execution.

Understanding the Compromise

The attack targeted packages associated with dYdX, a non-custodial decentralized cryptocurrency exchange that facilitates trading of margin and perpetual swaps. With over $1.5 trillion in cumulative trading volume, dYdX represents a high-value target for cybercriminals seeking to compromise cryptocurrency operations.

Socket security researcher Kush Pandya explained the significance: "The @dydxprotocol/v4-client-js (npm) and dydx-v4-client (PyPI) packages provide developers with tools to interact with the dYdX v4 protocol, including transaction signing, order placement, and wallet management. Applications using these packages handle sensitive cryptocurrency operations."

The compromised package versions include:

  • @dydxprotocol/v4-client-js (npm) - versions 3.4.1, 1.22.1, 1.15.2, 1.0.31
  • dydx-v4-client (PyPI) - version 1.1.5post1

While the exact compromise mechanism remains under investigation, evidence suggests the poisoned updates were published using legitimate publishing credentials, indicating a developer account compromise rather than a vulnerability in the package registries themselves.

Sophisticated Cross-Ecosystem Attack

What makes this attack particularly concerning is its coordinated deployment across two distinct programming ecosystems, with customized payloads for each platform. The threat actors demonstrated detailed knowledge of both the dYdX codebase and the target ecosystems' technical characteristics.

JavaScript/npm Payload: Wallet Stealer

The malicious npm package versions incorporated code designed to function as a cryptocurrency wallet stealer. The payload specifically targets:

  • Cryptocurrency seed phrases (the master keys to cryptocurrency wallets)
  • Device fingerprinting information
  • User identification data

The malicious code was carefully inserted into core registry files (registry.ts and registry.js) to execute during normal package usage, making detection more difficult as the malicious behavior blends with legitimate functionality.

Python/PyPI Payload: Wallet Stealer Plus RAT

The Python package version contains more extensive malicious functionality, incorporating both wallet stealer capabilities and a remote access trojan (RAT). The RAT component activates immediately upon package import, a technique known as "install-time attack" that executes malicious code without requiring any specific function calls from the developer.

The Python RAT functionality includes:

  • Contacting an external server (dydx.priceoracle[.]site/py) to retrieve commands
  • Executing arbitrary commands on the compromised host
  • Using the Windows CREATE_NO_WINDOW flag to execute without displaying a console window, maintaining stealth
  • Providing persistent backdoor access to compromised development environments

Most concerning is the PyPI version's use of 100-iteration obfuscation, demonstrating significant effort to evade detection. As Pandya noted: "The threat actor demonstrated detailed knowledge of the package internals, inserting malicious code into core registry files (registry.ts, registry.js, account.py) that would execute during normal package usage."

Operational Sophistication

Several aspects of this attack demonstrate sophisticated planning and execution:

Coordinated Cross-Platform Deployment: The simultaneous compromise of both npm and PyPI packages with ecosystem-specific payloads suggests careful planning and understanding of both JavaScript and Python development practices.

Strategic Code Placement: The malicious code was inserted into core functionality files that would execute during normal package operations, rather than obvious malicious additions that would be easily spotted during code review.

Infrastructure Consistency: The threat actors maintained consistent exfiltration endpoints, API keys, and device fingerprinting logic across both platforms, indicating centralized operational control.

Heavy Obfuscation: The 100-iteration obfuscation in the PyPI version goes far beyond typical malicious package attempts, suggesting significant resources and technical capability.

The Pattern of Attacks Against dYdX

This incident is not the first time the dYdX ecosystem has been targeted through supply chain attacks. The pattern reveals persistent threat actor interest in compromising this cryptocurrency platform:

September 2022: Mend and Bleeping Computer reported that a dYdX staff member's npm account was hijacked to publish malicious versions of multiple npm packages containing credential-stealing code.

July 2024: The dYdX v3 platform website was compromised to redirect users to a phishing site designed to drain cryptocurrency wallets.

January 2026: The current compromise affecting both npm and PyPI packages.

This three-strike pattern over four years demonstrates that threat actors view dYdX-related infrastructure as a persistent and valuable target. The evolution from account compromise to website hijacking to coordinated multi-ecosystem supply chain attacks shows increasing sophistication.

The Broader Supply Chain Risk

As Socket's analysis concluded: "Viewed alongside the 2022 npm supply chain compromise and the 2024 DNS hijacking incident, this attack highlights a persistent pattern of adversaries targeting dYdX-related assets through trusted distribution channels."

The cryptocurrency sector faces unique supply chain risks due to several factors:

  • High-Value Targets: Cryptocurrency operations handle directly monetizable assets, making them attractive to financially motivated attackers
  • Irreversible Transactions: Unlike traditional financial systems, cryptocurrency transactions are generally irreversible, giving attackers immediate and permanent access to stolen funds
  • Dependency on Open Source: Cryptocurrency platforms heavily rely on open-source libraries and packages, creating numerous supply chain attack vectors
  • Developer Account Value: Compromising accounts with publishing access to cryptocurrency-related packages provides access to numerous downstream targets

The Phantom Package Problem

Aikido's recent research has identified an additional supply chain risk that may have contributed to this type of attack: "phantom packages" - packages referenced in documentation and scripts but never actually published to package registries.

Their analysis found 128 phantom packages that collectively received 121,539 downloads between July 2025 and January 2026. These unclaimed package names represent opportunities for threat actors to publish malicious code that would be automatically installed by developers following documentation or running scripts that reference the non-existent packages.

The most downloaded phantom packages include:

  • openapi-generator-cli (48,356 downloads)
  • cucumber-js (32,110 downloads)
  • depcruise (15,637 downloads)
  • jsdoc2md (4,641 downloads)
  • grpc_tools_node_protoc (4,518 downloads)

As Aikido researcher Charlie Eriksen noted: "The npm ecosystem has millions of packages. Developers run npx commands thousands of times daily. The gap between 'convenient default' and 'arbitrary code execution' is one unclaimed package name."

Response and Mitigation

Following responsible disclosure on January 28, 2026, dYdX acknowledged the incident and issued urgent guidance for potentially affected users:

  • Isolate affected machines immediately
  • Move funds to a new wallet from a clean, uncompromised system
  • Rotate all API keys and credentials
  • Verify that downloaded packages match the legitimate versions hosted in the dydxprotocol GitHub repository

The exchange confirmed: "The versions of dydx-v4-clients hosted in the dydxprotocol Github do not contain the malware."

Protecting Against Supply Chain Attacks

Organizations and developers should implement multiple defensive layers:

For Developers

  • Use dependency scanning tools that detect known malicious packages
  • Implement package integrity checking with lock files and checksums
  • Review package updates before installing, especially for security-sensitive dependencies
  • Use "npx --no-install" to prevent automatic package installation from registries
  • Install CLI tools explicitly rather than running them through npx
  • Monitor for unusual network connections from development environments
  • Maintain separate environments for cryptocurrency operations

For Package Maintainers

  • Enable two-factor authentication on all publishing accounts
  • Implement package signing to verify authenticity
  • Register obvious package name variations and aliases to prevent typosquatting
  • Monitor for unauthorized package publications
  • Maintain audit logs of all publishing activities
  • Use dedicated publishing accounts with minimal privileges

For Organizations

  • Deploy software composition analysis (SCA) tools
  • Implement private package registries with approved packages
  • Monitor development environments for suspicious activity
  • Require code review for dependency updates
  • Maintain software bill of materials (SBOM) for all applications
  • Implement network segmentation for development environments

Conclusion

The compromise of dYdX packages across npm and PyPI demonstrates the evolving sophistication of supply chain attacks. The coordinated deployment of ecosystem-specific payloads, strategic code placement, and heavy obfuscation indicate well-resourced and technically capable threat actors specifically targeting cryptocurrency infrastructure.

As Sygnia's Omer Kidron observed: "Sophisticated attackers are moving upstream into the software supply chain because it provides a deep, low-noise initial access path into downstream environments. The same approach supports both precision compromise (a specific vendor, maintainer, or build identity) and opportunistic attacks at scale ('spray') through widely trusted ecosystems—making it relevant to all organizations, regardless of whether they see themselves as primary targets."

The cryptocurrency sector must recognize that its reliance on open-source dependencies creates unique risks requiring enhanced vigilance, robust security practices, and rapid incident response capabilities. The pattern of repeated attacks against dYdX infrastructure over four years demonstrates that threat actors will persistently target valuable cryptocurrency platforms through whatever vectors prove successful.

Source: The Hacker News - Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware