Surgical Strike on DeFi: How Hijacked dYdX Packages Drained Wallets via npm and PyPI
Security analysts at Socket have unmasked a surgical supply chain incursion targeting the libraries associated with the dYdX cryptocurrency exchange. Malicious iterations of client packages manifested simultaneously within the npm and PyPI repositories following the compromise of a maintainer’s credentials. These subverted builds were engineered to exfiltrate cryptocurrency wallet data and facilitate the clandestine execution of remote code.
The technical collective reported that the affected packages pertained to the dYdX v4 clients for both JavaScript and Python. These instruments are foundational to automated trading bots, algorithmic strategies, and portfolio management services. Because they handle seed phrases, cryptographic keys, and transaction signing operations, such dependencies represent a high-value objective for adversaries.
In the npm registry, compromised versions of @dydxprotocol/v4-client-js were disseminated under the tags 1.0.31, 1.15.2, 1.22.1, and 3.4.1. Concurrently, the PyPI directory was tainted by dydx-v4-client version 1.1.5post1. The deleterious code was seamlessly integrated into the core library files, masquerading as legitimate operational logic. The publication originated from an authorized account, signifying a credential takeover rather than a vulnerability within the repository infrastructure itself.
The JavaScript variant was programmed to exfiltrate seed phrases and device digital fingerprints to a third-party domain disguised as legitimate dYdX infrastructure. This fingerprinting encompassed operating system telemetry, hostnames, and unique machine identifiers. Notably, transmission errors were suppressed, ensuring that this anomalous activity remained absent from system logs.
The Python package went a step further, housing not only a data exfiltration module but also a surreptitious remote management component. Upon importing the library, this component would initiate a multi-stage decompression sequence before establishing a link with a command-and-control server. This facilitated the deployment of arbitrary code that executed silently in the background, granting the perpetrator access to private keys, service tokens, source files, and interconnected network systems.
The exfiltration infrastructure was registered in January 2026, mimicking a price oracle service to evade suspicion. Following notification from Socket, the dYdX team confirmed the breach and issued a mandate to developers to exercise caution. The compromised releases were identified and neutralized shortly after their publication.
This incident is not an isolated occurrence within the dYdX ecosystem; previous incursions involved the subversion of npm dependencies and the hijacking of the web service’s DNS records. However, the current assault is distinguished by its synchronized reach across two distinct ecosystems and the addition of a persistent remote access mechanism. Experts emphasize the burgeoning adversarial interest in prominent cryptocurrency packages and advocate for the rigorous auditing of dependency versions and publication provenance.
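One concrete form of the dependency-version audit recommended above is to scan a project's lockfiles for the exact releases named in this report. The following Python script is an added example, not code from Socket or the dYdX project: it reads an npm `package-lock.json` and a pip `requirements.txt` (or `pip freeze` output), compares every pinned version against the compromised releases listed above, and reports hits. The version table is taken from the text; the two manifest snippets embedded at the bottom are constructed samples, and the function names (`scan_package_lock`, `scan_requirements`) are this example's own.

```python
"""Audit npm and pip manifests for the compromised dYdX client releases.

Versions come from the Socket report summarised above; the manifest
snippets at the bottom are constructed sample input, not real files.
"""
import json
import re

# Releases reported as compromised. A full audit would also verify the
# publisher and provenance of whichever version the project actually uses.
COMPROMISED = {
    "npm": {
        "@dydxprotocol/v4-client-js": {"1.0.31", "1.15.2", "1.22.1", "3.4.1"},
    },
    # The report writes the PyPI version as 1.1.5post1; PEP 440 normalises
    # it to 1.1.5.post1, so accept both spellings.
    "pypi": {
        "dydx-v4-client": {"1.1.5post1", "1.1.5.post1"},
    },
}


def normalize_pypi_name(name):
    """PEP 503 name normalisation: lowercase, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_package_lock(lock_text):
    """Return [(name, version)] for compromised entries in a package-lock.json.

    Handles lockfileVersion 2/3 ('packages' map keyed by node_modules path)
    and lockfileVersion 1 (nested 'dependencies' tree).
    """
    lock = json.loads(lock_text)
    bad = COMPROMISED["npm"]
    findings = []

    for path, meta in lock.get("packages", {}).items():
        if not path:
            continue  # "" is the root project entry, not a dependency
        name = path.split("node_modules/")[-1]  # keeps scoped names intact
        ver = meta.get("version")
        if name in bad and ver in bad[name]:
            findings.append((name, ver))

    def walk(deps):
        for name, meta in deps.items():
            ver = meta.get("version")
            if name in bad and ver in bad[name]:
                findings.append((name, ver))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return sorted(set(findings))


# Matches "name==version" pins; ignores markers, comments and range specs.
PIN_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;#\\]+)")


def scan_requirements(req_text):
    """Return [(name, version)] for compromised pins in requirements text."""
    bad = {normalize_pypi_name(k): v for k, v in COMPROMISED["pypi"].items()}
    findings = []
    for line in req_text.splitlines():
        m = PIN_RE.match(line)
        if not m:
            continue
        name, ver = m.group(1), m.group(2)
        if normalize_pypi_name(name) in bad and ver in bad[normalize_pypi_name(name)]:
            findings.append((name, ver))
    return findings


# Constructed sample manifests for demonstration only.
SAMPLE_LOCK = json.dumps({
    "name": "trading-bot",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "trading-bot",
             "dependencies": {"@dydxprotocol/v4-client-js": "^1.22.1"}},
        "node_modules/@dydxprotocol/v4-client-js": {"version": "1.22.1"},
        "node_modules/left-pad": {"version": "1.3.0"},
    },
})

SAMPLE_REQS = """# constructed sample requirements.txt
requests==2.31.0
dydx_v4_client==1.1.5post1
numpy>=1.26
"""

if __name__ == "__main__":
    for label, hits in (("npm", scan_package_lock(SAMPLE_LOCK)),
                        ("pypi", scan_requirements(SAMPLE_REQS))):
        for name, ver in hits:
            print(f"[{label}] compromised release pinned: {name}=={ver}")
```

Run it against a real project by reading the lockfiles from disk instead of the embedded samples; the underscore/hyphen normalisation matters because pip treats `dydx_v4_client` and `dydx-v4-client` as the same distribution.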