Malicious dYdX Packages Slip Into npm and PyPI After Maintainer Compromise, Enabling Wallet Theft and Remote Access

By Ash K
Malicious dYdX Packages Slip Into npm and PyPI After Maintainer Compromise, Enabling Wallet Theft and Remote Access

A sophisticated supply chain attack has struck the cryptocurrency ecosystem after malicious versions of official dYdX client libraries were published to both npm and PyPI. The compromised packages enabled large-scale credential theft and, in the Python ecosystem, full remote code execution, placing developers, trading bots, and automated financial systems at immediate risk.

The incident was uncovered by Socket’s Threat Research Team, which identified the malicious behavior within minutes of publication. The affected packages are widely used to interact with the dYdX v4 decentralized derivatives protocol, a platform that processes hundreds of millions of dollars in daily trading volume.

By embedding malware directly inside trusted package versions, the threat actor bypassed conventional dependency review practices, turning legitimate developer tooling into an attack vector against high-value cryptocurrency environments.

A High-Value Target in the DeFi Ecosystem

dYdX is one of the largest decentralized derivatives exchanges in operation, with lifetime trading volume exceeding $1.5 trillion and daily volumes typically ranging between $200 million and $540 million. Its client libraries are deeply integrated into trading bots, portfolio management systems, market-making engines, and algorithmic trading platforms.

These applications frequently handle sensitive material such as mnemonic seed phrases, private keys, and API credentials. In custodial or semi-custodial setups, this data is often processed automatically, making any compromise especially damaging.

The widespread use of both JavaScript and Python within quantitative finance made the dual-ecosystem nature of the attack particularly effective, allowing the threat actor to reach a broad and technically sophisticated user base.

Malicious Packages Published Across npm and PyPI

The attack affected both the JavaScript and Python implementations of the dYdX v4 client, with different payloads tailored to each ecosystem. On npm, the compromised package focused on cryptocurrency credential theft, while the PyPI version combined credential exfiltration with a fully featured Remote Access Trojan.

The malicious versions were published using legitimate credentials, suggesting a maintainer account compromise rather than an exploitation of registry infrastructure. The code was inserted deep within authentic package files, not added as suspicious external dependencies.

Analysts noted that the threat actor demonstrated detailed knowledge of the internal codebase, modifying core registry and account files in ways that ensured the malware would execute during normal package usage.

The coordinated release across both registries, combined with consistent infrastructure and logic, points to a carefully planned campaign rather than opportunistic abuse.

Socket AI Scanner flagging malicious dYdX package

Credential Theft via Trusted Code Paths

In the npm package, the malware was embedded inside the createRegistry function, a legitimate component used by developers to initialize interactions with the dYdX protocol. When passed a seed phrase, the function silently exfiltrated it to an external server.

Alongside the mnemonic phrase, the malware generated a persistent device fingerprint derived from system identifiers such as hostnames, operating system details, architecture, and machine IDs. This allowed the attacker to correlate stolen credentials with specific machines.

The exfiltration endpoint was hosted on a typosquatting domain designed to resemble legitimate dYdX infrastructure, increasing the likelihood that outbound traffic would go unnoticed during development or testing.

Python Package Escalates to Remote Code Execution

The PyPI version went significantly further. In addition to credential theft, it deployed a hidden Remote Access Trojan that executed automatically when the package was imported.

The RAT payload was stored as an encrypted blob and subjected to 100 layers of obfuscation, involving repeated string reversal, base64 decoding, and compression routines. Once deobfuscated, the payload executed silently in the background.

The malware established persistent communication with a command-and-control server, polling for instructions and executing arbitrary Python code without producing visible output or logs.

This capability allowed the attacker to steal additional credentials, modify files, deploy backdoors, and pivot to other systems on the same network, extending the impact well beyond cryptocurrency theft.

A Pattern of Targeting dYdX Infrastructure

This incident follows a series of previous attacks involving dYdX-related assets. In 2022, compromised npm packages targeting crypto projects exfiltrated developer credentials after maintainer accounts were taken over.

In 2024, the dYdX v3 website was affected by a DNS hijacking attack that redirected users to a phishing site designed to drain wallets through malicious transaction prompts.

Unlike those earlier events, the current campaign directly compromises developer tooling used in production systems, marking a significant escalation in both scope and potential damage.

Impact and Risk Exposure

Any application using the affected npm versions is at risk if real seed phrases were supplied during development or production use. In such cases, attackers could gain full control of associated wallets, leading to irreversible cryptocurrency losses.

PyPI users face a far broader threat. The presence of a RAT enables complete system compromise, including theft of SSH keys, API credentials, proprietary code, and sensitive files.

Because the malware operates silently and persists as long as the package remains installed, many victims may be unaware that their systems were compromised.

Indicators of Compromise

Malicious Domains and Endpoints

  • https://dydx[.]priceoracle[.]site
  • https://dydx[.]priceoracle[.]site/v4/price
  • https://dydx[.]priceoracle[.]site/py

Compromised Packages

  • npm: @dydxprotocol/v4-client-js versions 1.0.31, 1.15.2, 1.22.1, 3.4.1
  • PyPI: dydx-v4-client version 1.1.5post1

Hardcoded Credentials

  • Credential exfiltration API key: dydx1gh6fj28w37rykqu6szgp9q0rzejslmj0umk55c
  • RAT authorization token: 490CD9DAD3FAE1F59521C27A96B32F5D677DD41BF1F706A0BF85E69CA6EBFE75

The coordinated nature of this attack underscores the growing risk posed by supply chain compromises in high-value ecosystems. As attackers increasingly target trusted development tools, dependency security has become a frontline defense for the cryptocurrency industry.

Ash K
Ash K
Ashton is a seasoned Cybersecurity Professional with over 25 years of experience in Cybersecurity Research, Cybersecurity Incident response, Products and Security Solutions architecture.