Cybersecurity researchers have uncovered a software supply chain attack involving compromised packages on npm and the Python Package Index (PyPI) that were used to distribute cryptocurrency wallet stealers and remote access malware.
The malicious activity targeted developer tools associated with the dYdX v4 protocol, a decentralized exchange used for margin and perpetual trading. The affected package versions are listed below.
Affected Packages and Versions
npm
- @dydxprotocol/v4-client-js Versions: 3.4.1, 1.22.1, 1.15.2, 1.0.31
PyPI
- dydx-v4-client Version: 1.1.5post1
According to Socket security researcher Kush Pandya, these packages are commonly used to interact with the dYdX v4 protocol for transaction signing, order execution, and wallet management, placing them in a highly sensitive position within the cryptocurrency ecosystem.
dYdX operates as a non-custodial decentralized exchange, allowing users to maintain control over their assets. The platform states it has processed over $1.5 trillion in cumulative trading volume, making it an attractive target for threat actors.
Suspected Developer Account Compromise
While the exact intrusion method remains under investigation, researchers believe the malicious updates were published using legitimate maintainer credentials, pointing to a developer account takeover rather than a vulnerability in npm or PyPI themselves.
The malicious payloads differed based on ecosystem:
- npm versions contained a cryptocurrency wallet stealer that harvested seed phrases and device metadata
- PyPI version included both a wallet stealer and a remote access trojan (RAT)
RAT Capabilities and Execution Flow
The Python-based RAT executes immediately upon package import and establishes communication with an external command server at:
- dydx.priceoracle[.]site/py
Once connected, the malware retrieves and executes attacker-issued commands. On Windows systems, it uses the CREATE_NO_WINDOW execution flag to remain hidden from the user.
“The attacker showed intimate knowledge of the package internals,” Pandya explained. “Malicious code was injected into core files such as registry.ts, registry.js, and account.py, ensuring execution during normal usage.”
Researchers also observed 100-layer obfuscation in the PyPI payload, along with consistent infrastructure and logic across both ecosystems, reinforcing the conclusion that the attacker had direct access to publishing pipelines.
dYdX Response and User Guidance
Following responsible disclosure on January 28, 2026, dYdX acknowledged the incident publicly and advised affected users to:
- Immediately isolate impacted systems
- Transfer funds to new wallets created on clean devices
- Rotate all API keys, credentials, and secrets
The company clarified that GitHub-hosted versions of dydx-v4-client were not affected.
Repeated Targeting of the dYdX Ecosystem
This incident is not the first supply chain attack involving dYdX-related assets.
- September 2022: A hijacked npm account belonging to a dYdX staff member was used to publish credential-stealing packages
- 2024: The legacy dYdX v3 website was compromised and redirected users to a wallet-draining phishing site
“When viewed together, these incidents show a persistent pattern of attackers targeting dYdX through trusted distribution channels,” Socket said.
“The attacker reused credential theft logic, exfiltration endpoints, and fingerprinting techniques across languages. The npm package focused on theft, while the PyPI version added persistent system access.”
Supply Chain Risks from Non-Existent npm Packages
In a related disclosure, Aikido Security revealed that npm packages referenced in documentation but never actually published represent a serious supply chain risk.
Attackers can claim these unused package names and distribute malware to developers who unknowingly run commands using npx.
Aikido identified 128 such phantom packages that collectively amassed 121,539 downloads between July 2025 and January 2026. The most abused names included:
- openapi-generator-cli (48,356 downloads)
- cucumber-js (32,110 downloads)
- depcruise (15,637 downloads)
- jsdoc2md (4,641 downloads)
- grpc_tools_node_protoc (4,518 downloads)
- vue-demi-switch (1,166 downloads)
“Openapi-generator-cli alone saw nearly 4,000 downloads in just seven days,” said security researcher Charlie Eriksen. “That is thousands of executions of a command that should not exist.”
The issue highlights a gap in npm’s typosquatting protections, which prevent near-name clones but cannot block the registration of previously unused package names.
Recommended Mitigations
To reduce exposure to npx-based supply chain attacks, Aikido recommends:
- Use
npx --no-installto block automatic registry installs - Explicitly install CLI tools instead of relying on npx
- Verify that referenced packages actually exist
- Pre-register common aliases and misspellings
“The npm ecosystem runs on convenience,” Eriksen said. “But the line between convenience and arbitrary code execution is just one unclaimed package name.”
Found this article interesting? Follow us on X (Twitter) , Facebook, Blue sky and LinkedIn to read more exclusive content we post.
