Malicious dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware

Timeline

1. 06.02.2026 10:40 1 articles · 13h ago

   Malicious dYdX Packages Compromised to Deliver Wallet Stealers and RAT Malware

   Legitimate dYdX-related packages on npm and PyPI have been compromised to distribute malicious versions that steal cryptocurrency wallet credentials and execute remote access trojans (RATs). The compromised packages target JavaScript and Python ecosystems, with different payloads for each. The attack is suspected to involve developer account compromise, allowing threat actors to push malicious updates using legitimate credentials. The affected packages include @dydxprotocol/v4-client-js (npm) versions 3.4.1, 1.22.1, 1.15.2, and 1.0.31, and dydx-v4-client (PyPI) version 1.1.5post1. The malicious code targets core registry files and uses obfuscation techniques to evade detection. Users are advised to isolate affected machines, move funds to new wallets from clean systems, and rotate all API keys and credentials. This incident highlights a persistent pattern of supply chain attacks targeting dYdX-related assets.

   Show sources

   • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

   Open in new tab

Information Snippets

• Compromised packages: @dydxprotocol/v4-client-js (npm) versions 3.4.1, 1.22.1, 1.15.2, 1.0.31, and dydx-v4-client (PyPI) version 1.1.5post1.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

• Malicious code targets core registry files (registry.ts, registry.js, account.py) and uses obfuscation techniques.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

• npm package acts as a cryptocurrency wallet stealer, siphoning seed phrases and device information.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

• PyPI package includes a remote access trojan (RAT) along with wallet stealer functionality.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

• RAT component contacts an external server (dydx.priceoracle[.]site/py) to retrieve and execute commands.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

• Attack suspected to involve developer account compromise, allowing malicious updates using legitimate credentials.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

• Users advised to isolate affected machines, move funds to new wallets, and rotate API keys and credentials.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40

• Similar supply chain attacks targeting dYdX have occurred in 2022 and 2024.

  First reported: 06.02.2026 10:40
  1 source, 1 article
  Show sources

  • Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware — thehackernews.com — 06.02.2026 10:40