Official client libraries for the dYdX v4 protocol in both the npm and PyPI ecosystems were recently weaponized to deliver malware. The attack, which targeted developers and users integrating with dYdX, combined seed phrase theft from crypto wallets with the deployment of a full-featured Remote Access Trojan (RAT) for covert system control.
dYdX v4 npm and PyPI clients abused as a software supply chain attack vector
Security firm Socket reported that two core dYdX v4 clients were compromised: the npm package @dydxprotocol/v4-client-js and the Python package dydx-v4-client on PyPI. These libraries are used to sign transactions, place orders, and manage wallets, placing them in the highest trust zone of user and exchange infrastructure.
The malicious releases were published through the official dYdX accounts on the registries, suggesting developer account compromise rather than a registry-side vulnerability. The affected versions are:
npm (@dydxprotocol/v4-client-js): 3.4.1, 1.22.1, 1.15.2, 1.0.31
PyPI (dydx-v4-client): 1.1.5post1
Given that cumulative trading volume on dYdX reportedly exceeds $1.5 trillion, with estimated daily volume in the hundreds of millions of dollars, any compromise of official client libraries represents a material software supply chain security incident for the broader crypto ecosystem.
Malicious JavaScript payload: seed phrase exfiltration and device fingerprinting
In the npm ecosystem, the attacker injected code into the core files registry.ts and registry.js—components that are executed in routine use of the JavaScript client. The altered logic intercepted and exfiltrated wallet seed phrases alongside a device fingerprint to the attacker-controlled domain dydx.priceoracle[.]site.
The domain name is a classic example of typosquatting: it is visually similar to legitimate dYdX infrastructure (such as dydx.xyz) and is themed to appear like a price oracle service. By combining seed phrases with device-specific identifiers, attackers gain the ability to:
• correlate multiple compromises to the same victim over time;
• prioritize high-value wallets for manual exploitation;
• link stolen credentials with on-chain activity for profiling.
Python payload: embedded Remote Access Trojan in dydx-v4-client
The PyPI package dydx-v4-client contained a significantly more capable malicious component. In addition to seed phrase theft, the attacker embedded a Remote Access Trojan (RAT) that activates immediately once the library is imported, running as a background thread.
Every 10 seconds, the RAT beacons to dydx.priceoracle[.]site, retrieves arbitrary Python code from the command-and-control (C2) server, and executes it in a separate subprocess with no visible output. Authentication to the C2 relies on a hard-coded token:
490CD9DAD3FAE1F59521C27A96B32F5D677DD41BF1F706A0BF85E69CA6EBFE75
On Windows, the malware uses the CREATE_NO_WINDOW flag, ensuring that no console window appears, which significantly hinders detection by users who might otherwise notice suspicious processes or popups.
RAT capabilities and risks for developer and CI/CD environments
Once such a RAT is present, attackers effectively gain a remote shell inside developer workstations, build servers, or trading bots that imported the malicious package. Potential actions include:
• execution of arbitrary Python code with the user’s privileges;
• theft of SSH keys, API tokens, and CI/CD credentials;
• exfiltration of proprietary source code and internal tooling;
• deployment of additional backdoors or ransomware;
• tampering with critical repositories and build artifacts;
• lateral movement across the corporate network.
Incidents such as SolarWinds Orion and multiple documented npm/PyPI malware campaigns have shown that compromising a single trusted dependency can cascade through entire organizations. This dYdX v4 case follows the same pattern, but with an added crypto-financial dimension via direct wallet credential theft.
Evidence of a targeted and well-prepared supply chain operation
Analysts note that the code modifications demonstrate a deep understanding of the dYdX clients’ architecture. The attacker chose registry.ts/registry.js on npm and account.py on PyPI—files that are reliably invoked during normal use, maximizing execution rates of the malicious logic.
The PyPI malware was further obfuscated, reportedly through multiple iterations of code scrambling to evade detection by static analysis and casual review. Across both ecosystems, the attacker reused a consistent set of exfiltration endpoints, tokens, and device fingerprinting logic, but adapted the implementation to JavaScript and Python specifics, indicating deliberate cross-ecosystem design rather than opportunistic tampering.
On 28 January 2026, after receiving notification from Socket, the dYdX team publicly confirmed the incident. According to dYdX, only versions published to npm and PyPI were affected; the source code and package versions in the official dydxprotocol GitHub repositories are believed to be clean.
This is not the first time dYdX infrastructure has been targeted. In 2022, a compromised npm account belonging to a dYdX employee led to malicious packages that exfiltrated user data. In 2024, the dYdX v3 website reportedly suffered a DNS hijacking attack that redirected users to a phishing site prompting them to sign wallet-draining transactions. Together, these incidents indicate a persistent, long-term focus on dYdX as a high-value target, with attackers repeatedly abusing trusted distribution channels—DNS, package registries, and official developer accounts—to bypass conventional perimeter defenses.
The compromise of the dYdX v4 npm and PyPI clients underscores that crypto security is inseparable from software supply chain security. Organizations operating in the Web3 and fintech space should harden developer accounts with hardware-backed authentication (FIDO2, security keys), deploy automated Software Composition Analysis (SCA) for dependency monitoring, validate anomalies in new package versions, and adopt reproducible builds and internal mirrors of trusted libraries. Crypto users should avoid storing significant funds in wallets whose seed phrases have ever been entered on development machines or automated trading systems and should periodically audit the tools and dependencies in use. Treating the software supply chain as a first-class security asset is essential to making similar attacks more difficult, costly, and detectable in the future.
