VTA-004559 – Malicious dYdX Libraries Used to Steal Crypto Wallets via npm and PyPI

A sophisticated supply chain attack targeting dYdX, a popular decentralized finance (DeFi) protocol, through malicious packages published on both npm and PyPI package registries. These packages masquerade as legitimate client libraries but harbor code designed to steal cryptocurrency wallet credentials and enable remote code execution (RCE).

What sets this attack apart from run-of-the-mill typosquatting or opportunistic malware is the attackers’ confirmed compromise of a legitimate dYdX maintainer’s publishing credentials, allowing them to inject malicious code directly into official package versions without raising repository flags. Affected npm packages like (@dydxprotocol/v4-client-js – versions 3.4.2, 1.22.2, 1.15.3, 1.0.32) silently capture wallet mnemonics and device fingerprints, exfiltrating them to a command-and-control server at dydx.priceoracle[.]site/js. Meanwhile, the PyPI package dydx-v4-client (version 1.1.5post1) deploys RAT capabilities, using stealthy techniques like the Windows CREATE_NO_WINDOW flag to hide its operations while sending data to dydx.priceoracle[.]site/py, making detection elusive even during normal library use.

This cross-ecosystem assault on JavaScript and Python developers building crypto trading bots, wallet tools and DeFi automation scripts amplifies its reach, potentially compromising production systems and end-users alike. Unlike typical threats relying on user error or phishing, this insider-style maintainer takeover exploits the blind trust developers place in verified package sources, echoing but escalating prior dYdX incidents like 2022’s npm breach and 2024’s DNS hijack.

Severity:
High

Attack Surface:
Endpoint, Infrastructure, Supply Chain (Third-party vendors)

Tactics:
Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Initial Access, Persistence, Resource Development

Techniques:
T1195.002 – Supply Chain Compromise: Compromise Software Dependencies
T1059 – Command and Scripting Interpreter (JavaScript / Python)
T1552 – Unsecured Credentials
T1041 – Exfiltration Over C2 Channel
T1105 – Ingress Tool Transfer (for RAT payload behavior)
T1195.003 – Compromise Software Dependencies and Development Tools
T1547.001 – Boot or Logon Autostart Execution: Registry Run Keys
T1055.001 – Process Injection
T1071.001 – Application Layer Protocol: Web Protocols

Indicator of Compromise:
https://otx.alienvault.com/pulse/69894948b00b31fcf6202ec3

References:
1. https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi

SuperPRO’s Threat Countermeasures Procedures:
1. Pin npm packages to safe versions like @dydxprotocol/[email protected] or earlier. Run npm audit and npm ls to scan dependencies immediately.
2. For PyPI, revert dydx-v4-client to version 1.1.4 or below using pip install dydx-v4-client==1.1.4. Block domains dydx.priceoracle[.]site via DNS sinks like Pi-hole.
3. Restrict outbound connections from development environments using egress firewall rules to block unauthorized exfiltration endpoints.
4. Rotate all exposed crypto wallet seed phrases and regenerate keys using hardware wallets where possible.
5. Validate package integrity using SHA-256 checksums before deployment in CI/CD pipelines.
6. Revoke and rotate all maintainer npm/PyPI API tokens with 2FA enforced. Integrate Socket.dev or GitHub Dependabot for real-time supply chain alerts on future publishes.

Contributed by: Thivya