Malicious packages for dYdX cryptocurrency exchange empty user wallets

Thieves Have Been Stealing Wallets from a Popular Crypto Exchange by Hacking Open-Source Packages on npm and PyPI.

The dYdX cryptocurrency exchange has been targeted by thieves once again, with malicious packages published on the open-source package repositories npm (Node Package Manager) and PyPI (Python Package Index) being used to steal wallet credentials and compromise user systems. Researchers from security firm Socket have identified several versions of popular packages that contain this malicious code.

The affected packages are versions 3.4.1, 1.22.1, 1.15.2, and 1.0.31 of @dydxprotocol/v4-client-js on npm, as well as version 1.1.5post1 of dydx-v4-client on PyPI. When a developer uses these packages in their application, the malicious code exfiltrates sensitive information such as wallet credentials and device fingerprints.

These stolen credentials can be used to access users' wallets and drain their cryptocurrency balances. The attackers also set up remote-access Trojan (RAT) backdoors that allow them to execute new malware on infected systems. This means that once a user's system is compromised, the attackers can access sensitive information such as SSH keys, API credentials, and source code.

The incident highlights a persistent pattern of adversaries targeting dYdX-related assets through trusted distribution channels. The security firm says that anyone using the platform should carefully examine all apps for dependencies on the malicious packages listed above.

This is at least the third time dYdX has been targeted in attacks, following a September 2022 incident where malicious code was uploaded to npm and a DNS hijacking event in 2024 where users were redirected to a malicious site that drained their wallets. The attackers used official dYdX accounts to publish these packages, demonstrating the ease with which vulnerabilities can be exploited through trusted channels.

Users of dYdX should take immediate action to review all apps for dependencies on the affected packages and consider removing them until a fix is released.
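One way to run the dependency review described above, as an added example (not code from Socket or dYdX): it checks an npm `package-lock.json` (v2/v3 layout assumed) and pinned Python requirements against only the versions listed in this article. The sample lockfile, the `helper` and `trading-bot` names, and the requirements text are constructed for illustration.

```python
import json
import re

# Affected releases exactly as listed in the article above.
AFFECTED_NPM = {"@dydxprotocol/v4-client-js": {"3.4.1", "1.22.1", "1.15.2", "1.0.31"}}
AFFECTED_PYPI = {"dydx-v4-client": {"1.1.5post1"}}

# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "trading-bot", "version": "0.1.0"},
    "node_modules/@dydxprotocol/v4-client-js": {"version": "1.22.1"},
    "node_modules/helper": {"version": "3.4.1"},  # same number, different package
    "node_modules/helper/node_modules/@dydxprotocol/v4-client-js": {"version": "3.4.0"}}})
SAMPLE_REQS = "requests==2.31.0\nDydx_V4_Client==1.1.5.post1  # pinned\ndydx-v4-client==1.1.4\n"

def _norm_name(name):
    # PEP 503: names are case-insensitive and runs of "-", "_", "." are equivalent.
    return re.sub(r"[-_.]+", "-", name).lower()

def _norm_version(version):
    # PEP 440: "1.1.5post1", "1.1.5.post1" and "1.1.5-post1" are the same release;
    # pip freeze prints the dotted form, so a plain string match would miss it.
    return re.sub(r"[-_.]?post[-_.]?", "post", version.strip().lower())

def scan_npm_lock(lock_text):
    """Return sorted (lockfile path, version) hits, including nested installs."""
    hits = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        # Keys look like "node_modules/a/node_modules/@scope/name"; keep the last name.
        name = path.rpartition("node_modules/")[2]
        if meta.get("version") in AFFECTED_NPM.get(name, ()):
            hits.append((path, meta["version"]))
    return sorted(hits)

def scan_requirements(req_text):
    """Return (normalized name, version as written) hits from `name==version` lines."""
    hits = []
    for line in req_text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;#]+)", line)
        if not m:
            continue
        name = _norm_name(m.group(1))
        bad = {_norm_version(v) for v in AFFECTED_PYPI.get(name, ())}
        if _norm_version(m.group(2)) in bad:
            hits.append((name, m.group(2)))
    return hits

if __name__ == "__main__":
    print(scan_npm_lock(SAMPLE_LOCK), scan_requirements(SAMPLE_REQS))
```

Feed it the real lockfile contents and the output of `pip freeze`; unpinned requirements (`>=`, `~=`) are not matched, so check the resolved environment rather than the requirements file alone.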
 
omg what's going on with dYdX 🤯 those hackers are like super sneaky! they publish their own malicious code as legit open-source packages and steal people's crypto wallets 🤑 i mean, who does that?! the fact that it happened like 3 times already is so alarming 😬 security firms should be all over this to make sure these packages get removed ASAP 💻
 
😬 Just had to update my crypto wallet again because those thieves at dYdX are always one step ahead 🤦‍♂️. I mean, who thought it was a good idea to hack open-source packages on npm and PyPI to steal user info? 💻 It's like they're trying to make our lives more complicated than necessary 😒. And the worst part is, they used official dYdX accounts to publish the malicious code, which just goes to show how vulnerable we are when it comes to security 🚨. I've already started reviewing my apps and removing any dependencies on those affected packages until a fix is released 💪. Maybe we need to start being more careful about who we trust with our sensitive info 🤝?
 
😱 oh man this is getting ridiculous! like we're seeing a pattern here where malicious actors are exploiting open-source packages to target crypto exchanges... it's crazy how easy it is to get away with this stuff 🤯. i mean, dYdX has been hit at least 3 times now and each time it's through trusted channels, which just shows how vulnerable our systems are 🤦‍♂️.

it's also wild that the attackers used official dYdX accounts to publish these packages... that's like a masterclass in exploiting trust 🤑. seriously though, users gotta be extra cautious when using apps that depend on these packages and should definitely review their setup ASAP 💻.

can't believe we're living in an era where security is such a major concern 🤯. but you know what? it's not all doom and gloom... we can do better! we just need to stay vigilant, report suspicious activity, and support our favorite devs who are working hard to patch these vulnerabilities 💪. let's get behind each other and keep the crypto space safe 🔒
 
omg u guys i just heard about this & i'm literally shook 😱 how can ppl be so careless w/ their code lol i mean i know devs can get busy but come on! these thieves r like vampires, always suckin' out wallets 💸 anyway back to the point, its like dYdX should've seen this comin'... 3rd time's the charm right? 🤦‍♂️ & can u believe they used official accounts to publish the malicious packages lol thats just genius i guess 🙄
 
omg i just got hacked again 🤯 like i know im not stupid but still how do u guys even do this stuff? ive been using dydx for ages and i dont wanna lose my wallet fam i keep thinking about how these thieves are using npm and pypi to steal people's info...i mean i use npm and pypi all the time in my projects but idk if im as vulnerable as those poor dydx users 🤷‍♀️ also can we talk about how easy it is for attackers to exploit vulnerabilities through trusted channels? like i cant even 🙄 anyone using dydx pls review your apps ASAP
 
Ugh 🙄 I'm telling you, it's only a matter of time before these crypto exchanges get hacked again. Like, what even is the point of using open-source packages if they're just gonna be used to steal user credentials? And who checks these things anyway? 😒 It's like, hello, use a reputable package manager, not some sketchy third-party site on npm or PyPI 🤪. And now dYdX has got its second (and third) strike against it... just waiting for the inevitable breach 💸.
 
Ugh, how original... hackers find a way to exploit open-source packages 🙄. I mean, who wouldn't want to steal wallets from crypto exchanges? It's not like they're just trying to make some easy cash 💸. And wow, the attackers used official dYdX accounts to publish these packages... what a genius move 🤯. I'm sure it had nothing to do with their own incompetence. Anyway, good job to the security firm for identifying the issue and warning users 😒. Maybe next time they'll use a more secure package manager than npm? 🤔
 
Ugh, this is like, so frustrating! 😩 Thieves are always one step ahead, exploiting our trust in open-source packages. I mean, who would've thought that something so innocent-sounding as "client-js" could be used to steal your wallet? 🤦‍♂️ It's just crazy how these attackers can easily get away with this by using official dYdX accounts to publish their malicious code.

I'm not even sure what's more concerning - the fact that they're targeting dYdX users or the fact that this could happen anywhere. I mean, think about it - if a popular exchange like dYdX can be compromised so easily, what's stopping other developers from getting hacked? 🤔

Anyway, yeah, let's all just take a deep breath and remind ourselves to keep our apps up-to-date... like, seriously, who hasn't done that before 😅?
 
omg u guys this is so messed up!! 😱 dYdX needs to step up their security game ASAP! these hackers are like pros, using npm and PyPI to get in through open-source packages... it's like they're everywhere! 🤖 and now people are losing money left and right... i'm talking about the devs who need to update their packages pronto 🔥 and users need to be super vigilant too, go thru all your apps and check for these malicious dependencies... this is not good, someone needs to do some serious damage control 💔
 
Ugh, this is so not new 🤯... Remember when npm and PyPI were still relatively secure back in my day? 🙄 It's like we're stuck in some sort of cybersecurity Groundhog Day. Can't these devs just make sure their packages are up-to-date before publishing them on public repositories? 🤦‍♂️ And now dYdX is getting hit again... this third time I'm keeping a close eye on, for sure 💡
 
Ugh, it's like, I'm still trying to wrap my head around how some dude managed to hack into npm and PyPI 🤯. I mean, I know these packages are open-source, but come on! You'd think that would give you an extra layer of security, right? And now my crypto wallet is basically begging to be stolen 😂. Seriously though, it's just a massive vulnerability in the system. Anyone using dYdX needs to get their act together and check their apps for these malicious packages ASAP 🚨. I'm not even kidding, I remember when npm was still a thing back in 2018 🔥. It feels like we're right back where we started, except now it's with crypto exchanges instead of web apps 🤦‍♂️.
 
Ugh, I mean, yeah, this is so frustrating 🤯... I think it's crazy that they're using open-source packages to hack into wallets, that's just lazy and insecure 💔... But at the same time, I'm like, what's the point of even having package managers if they can't keep their packages secure? 🙄 I mean, npm and PyPI should be doing better than this.

And I get it, the attackers used official dYdX accounts to publish the malicious code, that's just genius... But also, like, how hard is it for someone to review a package before using it in your app? 🤷‍♂️ It's not like they're asking for a PhD.

The thing is, I think we need to take responsibility for our own security, and that means keeping up with updates and doing regular sweeps of our apps for dependencies... But at the same time, it's just not fair that users have to be the ones who suffer because of someone else's mistake 🤕...
 