Cybersecurity firm Socket has uncovered a targeted supply-chain compromise hitting the official client libraries for dYdX v4, the decentralized perpetuals exchange that's processed over $1.5 trillion in cumulative volume.
Attackers have potentially uploaded malware to PyPI and npm using credentials from developers whose accounts they had taken over, indicating that they were able to use authentic account credentials to do this. The versions of the affected packages are:
1. npm: @dydxprotocol/v4-client-js (3.4.1, 1.22.1, 1.15.2, 1.0.31)
2. PyPI: dydx-v4-client (1.1.5post1)
These packages help developers integrate with dYdX v4, handling wallet connections, transaction signing, order placement, and more. Because they're used in apps that manage real crypto assets, the stakes are high.
Socket's analysis shows the attackers inserted code into core files (registry.ts/js on npm, account.py on PyPI) that only activates during normal use. The npm versions focus on stealing crypto wallet seed phrases and device fingerprints. The PyPI variant goes further: it bundles a full remote access trojan (RAT) that phones home to dydx.priceoracle[.]site/py for commands, runs silently (especially on Windows via CREATE_NO_WINDOW), and adds persistence.
The cross-language coordination, similar exfil logic, endpoints, and obfuscation (including 100-iteration layers in Python) points to deliberate, patient access rather than a registry flaw. dYdX confirmed the incident on X after Socket's responsible disclosure on January 28, stressing that their official GitHub repos remain clean. They advised anyone who pulled those versions to isolate machines, sweep for compromise, move funds to fresh wallets from secure systems, and rotate keys/API credentials.
This isn't dYdX's first brush with supply-chain trouble: a 2022 npm hijack hit staff accounts and poisoned packages; a 2024 DNS compromise redirected v3 users to wallet-draining phishing sites. The pattern trusted channels weaponized makes these incidents sting extra hard in DeFi.
The report also spotlights a related npm blind spot: "phantom" packages. Aikido Security found 128 unclaimed names in README files, package.json scripts and documentation (for example, openapi-generator-cli falsely advertised to be @openapitools/openapi-generator-cli and cucumber-js falsely advertised to be @cucumber/cucumber). These packages have been downloaded over 121,000 times between July of 2025 and January of 2026, with some packages like openapi-generator-cli receiving nearly 4,000 downloads in a single week.
How did this happen? npx will automatically install any package from the registry if it cannot find a local version of that package, which means that any typos, outdated documentation or hallucinations (such as those produced by AI generated code) will cause arbitrary code execution. With npm, typosquatting of existing packages is blocked; however, there is no way to protect against typosquatting on packages that don't currently exist.
Aikido's suggested solutions:
1. Using npx --no-install will allow you to fail fast if there is not a local version of that package.
2. Explicitly install command line tools rather than using npx.
3. Verify commands exist before documenting them.
4. Proactively claim obvious aliases/misspellings.
In an ecosystem where developers npx thousands of times daily, one unclaimed name can bridge convenience to catastrophe. For crypto devs especially, double-checking dependencies and preferring pinned, verified sources from GitHub beats blind trust in registries.
Source: The Hacker News
February 06, 2026
February 06, 2026
February 06, 2026
September 27, 2024
November 25, 2025
September 07, 2025
© 2016 - 2026 Red Secure Tech Ltd. Registered in England and Wales under Company Number: 15581067
