dYdX npm and PyPI Packages Were Compromised With Wallet Stealers and a RAT

What Happened
Legitimate packages published by the dYdX protocol — one of the largest decentralized crypto exchanges — were compromised on both npm and PyPI simultaneously. Attackers published malicious versions that silently stole cryptocurrency wallet credentials and, in the Python package, installed a full remote access trojan (RAT).
This isn't a typosquatting attack where someone uploads a fake package with a similar name. The official packages were compromised through stolen maintainer credentials, meaning anyone running npm install or pip install on these packages got malware delivered through their normal dependency chain.
The attack was disclosed on January 28, 2026 and publicly acknowledged by dYdX on February 6, 2026.
Affected Packages
npm
Package: @dydxprotocol/v4-client-js
Compromised versions: 3.4.1, 1.22.1, 1.15.2, 1.0.31
PyPI
Package: dydx-v4-client
Compromised version: 1.1.5post1
These packages provide developers with tools to interact with the dYdX v4 protocol — transaction signing, order placement, and wallet management. They're used by trading bots, DeFi frontends, portfolio trackers, and anyone building on the dYdX ecosystem.
How the Attack Worked
The attackers demonstrated detailed knowledge of the package internals. They didn't just bolt malware onto the package — they inserted malicious code into core files that execute during normal usage:
- npm: Malicious code was injected into registry.ts and registry.js
- PyPI: Malicious code was injected into account.py
This means the malware activated automatically when developers imported and used the package normally. No unusual import paths, no suspicious scripts — just the standard import or require triggering credential theft in the background.
The npm Payload: Wallet Stealer
The JavaScript payload targeted cryptocurrency wallets, extracting:
- Seed phrases (mnemonic recovery phrases)
- Device fingerprint information
The stolen credentials were exfiltrated to attacker-controlled servers.
The PyPI Payload: Wallet Stealer + RAT
The Python payload was more aggressive — a combined wallet stealer and remote access trojan:
- Wallet credential theft — Same seed phrase extraction as the npm version
- RAT activation on import — The trojan activates the moment the package is imported, contacting a command-and-control server at dydx.priceoracle[.]site/py to retrieve execution commands
- Stealth execution — On Windows, it uses the CREATE_NO_WINDOW flag to hide console windows during execution, making it invisible to the developer
The RAT enables arbitrary code execution, meaning attackers could do anything on the compromised machine — steal files, install additional malware, pivot to other systems on the network, or manipulate trading activity.
This Isn't the First Time
What makes this attack especially concerning is that dYdX has been targeted repeatedly:
- 2022 — dYdX npm account compromise
- 2024 — DNS hijacking targeting the v3 platform
- 2026 — This attack on v4 packages across both npm and PyPI
The pattern suggests persistent adversarial focus on this ecosystem. Whoever is behind these attacks has deep knowledge of dYdX's infrastructure and developer tooling, and they keep coming back.
Are You Affected?
Check Your Dependencies
# npm — check if you have any compromised versions
npm ls @dydxprotocol/v4-client-js
# Check package-lock.json for specific versions
grep -r "v4-client-js" package-lock.json
# PyPI — check your installed version
pip show dydx-v4-client
If you're running any of these versions, you are compromised:
- npm: 3.4.1, 1.22.1, 1.15.2, 1.0.31
- PyPI: 1.1.5post1
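The manual checks above only look at direct dependencies. As an added example (not code from dYdX or the advisory), this script scans a package-lock.json, including transitively installed copies, and pip freeze output for the compromised versions listed above; the sample lockfile and freeze output are constructed.

```python
import json

COMPROMISED = {  # versions listed in the advisory above
    "@dydxprotocol/v4-client-js": {"3.4.1", "1.22.1", "1.15.2", "1.0.31"},
    "dydx-v4-client": {"1.1.5post1"},
}

def scan_package_lock(lock_text):
    """Sorted [(name, version)] of compromised entries in a package-lock.json.
    Handles lockfileVersion 2/3 ("packages", keyed by node_modules path) and
    v1 ("dependencies", keyed by name and nested), so transitive installs count.
    """
    lock = json.loads(lock_text)
    hits = set()
    for path, meta in lock.get("packages", {}).items():
        # e.g. "node_modules/bot-helper/node_modules/@dydxprotocol/v4-client-js"
        name = path.rsplit("node_modules/", 1)[-1]
        if meta.get("version") in COMPROMISED.get(name, ()):
            hits.add((name, meta["version"]))

    def walk(deps):
        for name, meta in deps.items():
            if meta.get("version") in COMPROMISED.get(name, ()):
                hits.add((name, meta["version"]))
            walk(meta.get("dependencies", {}))

    walk(lock.get("dependencies", {}))
    return sorted(hits)

def scan_pip_freeze(freeze_text):
    """[(name, version)] of compromised pins in `pip freeze` output. pip prints
    the PEP 440 normalized form, so 1.1.5post1 shows up as 1.1.5.post1."""
    hits = []
    for line in freeze_text.splitlines():
        name, sep, version = line.strip().partition("==")
        if not sep or name.startswith("#"):
            continue
        name = name.strip().lower().replace("_", "-")
        version = version.strip()
        if version.replace(".post", "post") in COMPROMISED.get(name, ()):
            hits.append((name, version))
    return hits

# Constructed sample inputs (not real project files).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "trading-bot", "version": "0.1.0"},
    "node_modules/lodash": {"version": "4.17.21"},
    "node_modules/bot-helper/node_modules/@dydxprotocol/v4-client-js": {"version": "1.22.1"},
}})
SAMPLE_FREEZE = "requests==2.32.3\ndydx-v4-client==1.1.5.post1\n"
```

Run it against the real package-lock.json of each project and the output of pip freeze in each virtualenv; a non-empty result means the Immediate Actions below apply.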
Immediate Actions
- Isolate the affected machine — Disconnect it from the network
- Move your crypto funds immediately — Transfer all assets to a new wallet created on a clean, uncompromised device. Your seed phrases should be considered stolen
- Rotate ALL credentials — API keys, SSH keys, cloud provider tokens, database passwords — everything on the compromised machine
- Update to clean versions — Clean versions without the malware are available from the dydxprotocol GitHub repository
- Audit your systems — Check for any unusual outbound connections, new processes, or file modifications
IOC to Watch
- Outbound connections to dydx.priceoracle[.]site
- Unusual process creation with CREATE_NO_WINDOW flags on Windows
- Unexpected modifications to registry.ts, registry.js, or account.py in your node_modules or site-packages
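As an added triage example (not from the advisory), this scans DNS resolver log lines for lookups of the C2 domain above, refanging the defanged indicator, matching subdomains, and ignoring look-alike names that merely contain the string; the log format and lines are constructed.

```python
# Indicator from the advisory, written defanged; refang it for matching.
C2_DOMAIN = "dydx.priceoracle[.]site".replace("[.]", ".")

# Constructed sample resolver log lines (not real telemetry), in the form
# "<timestamp> <client ip> query <type> <queried name>".
SAMPLE_DNS_LOG = """\
2026-02-06T10:01:12Z 10.0.0.15 query A registry.npmjs.org
2026-02-06T10:01:13Z 10.0.0.15 query A dydx.priceoracle.site
2026-02-06T10:02:40Z 10.0.0.22 query A pypi.org
2026-02-06T10:03:05Z 10.0.0.15 query A API.dydx.priceoracle.site.
2026-02-06T10:04:00Z 10.0.0.30 query A priceoracle.site.example.com
"""

def matches_indicator(hostname, indicator=C2_DOMAIN):
    """True if hostname is the indicator or one of its subdomains. Case and a
    trailing dot are ignored; the indicator appearing as a substring of an
    unrelated name (last sample line) does not match."""
    host = hostname.lower().rstrip(".")
    return host == indicator or host.endswith("." + indicator)

def find_c2_lookups(log_text):
    """Return [(timestamp, client_ip, queried_name)] for lines that resolve the C2 domain."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue  # skip blank or malformed lines
        if matches_indicator(parts[4]):
            hits.append((parts[0], parts[1], parts[4]))
    return hits

def affected_hosts(log_text):
    """Distinct client IPs that contacted the C2 domain, for isolation and rotation."""
    return sorted({client for _, client, _ in find_c2_lookups(log_text)})
```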
The Bigger Lesson for Developers
This attack highlights a fundamental problem with package registries: a single compromised maintainer account can push malware to thousands of downstream projects.
What You Can Do
- Pin your dependency versions — Use exact versions in package.json and requirements.txt, not ranges
- Use lockfiles — package-lock.json and pip freeze ensure you get the same version every time
- Enable npm provenance — npm's provenance feature verifies that packages were built from their claimed source repository
- Audit regularly — Run npm audit and pip-audit as part of your CI/CD pipeline
- Use tools like Socket — Socket.dev detects supply chain attacks by analyzing package behavior, not just known vulnerabilities
- Enable 2FA on your registry accounts — If you maintain packages, protect your accounts. You're a target
For Crypto Developers Specifically
- Never store seed phrases on machines that run third-party dependencies — Use hardware wallets for anything beyond test funds
- Isolate your development environment — Run crypto-related code in containers or VMs, not on your main machine
- Use dedicated signing machines — Transaction signing should happen on a hardened, minimal system
The npm and PyPI ecosystems process billions of downloads per month. The trust model — that packages are safe because they come from an official registry — is fundamentally broken. Every npm install is an act of trust, and that trust is being actively exploited.