Malicious Code Packages Targeting dYdX Exchange Drain User Cryptocurrency Wallets
Compromised npm and PyPI packages stole wallet credentials and backdoored developer systems
The attack is a sophisticated supply chain compromise in which attackers uploaded packages designed to look like legitimate dYdX development tools. Once installed, the packages exfiltrated wallet credentials from developers and backend systems, enabling direct theft of cryptocurrency.
Socket security researchers warned that every application using the compromised npm versions is at risk, which affects both developers testing with real credentials and production end users.
Analysis
Why This Matters
Supply chain attacks on crypto infrastructure can result in immediate, irreversible financial losses.
Background
dYdX is a decentralized exchange for derivatives trading with significant daily volume.
Key Perspectives
Security experts urge dependency auditing. Crypto users face constant threats.
What to Watch
How much was stolen and whether dYdX implements additional security measures.