Security researchers have uncovered a software supply-chain attack capable of emptying cryptocurrency wallets belonging to users of the dYdX exchange. The breach was not a direct hack of the dYdX website. Instead, the attackers published malicious versions of trusted software packages that developers use to build applications for the exchange. These packages, distributed through the npm and PyPI registries, carried hidden code designed to steal wallet credentials. Once an infected version was installed on a machine, that code could take over the user's wallet and irreversibly move out its funds.
The security team at the firm Socket issued the warning on Friday. They explained that every application using an infected version of these tools faced immediate risk: total loss of funds with no way to recover the stolen assets. The exposure extended to everyone who relied on the compromised code, both developers testing their systems with real credentials and end users actively trading on the platform.
The infected packages were published to two different package registries. The first was the npm package for JavaScript development against the dYdX v4 client; the infected versions were 1.0.31, 1.15.2, 1.22.1, and 3.4.1, spread across several release lines rather than a single branch. The second was the PyPI package for Python, dydx-v4-client, in version 1.1.5post1 (pip normalizes this spelling under PEP 440 to 1.1.5.post1, so an audit should match both forms). These versions are the vectors through which the malware enters a system; any project that pins one of them, directly or through a transitive dependency, should be treated as compromised.
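As an added example (not code from the advisory, from Socket, or from the dYdX project), here is a small Python audit that scans a package-lock.json and a requirements.txt for the versions listed above. The PyPI name and all version numbers are the ones reported; the page does not name the npm package, so NPM_CLIENT_PACKAGE below is an assumed placeholder to swap for the real name, and the lockfile and requirements contents are constructed samples. The version normalisation handles only the post-release spelling, which is the one that matters for 1.1.5post1.

```python
"""Audit lockfiles for the dYdX client package versions named in the advisory.

Added example, not code from the advisory or the dYdX project. The PyPI name
(dydx-v4-client) and all version numbers come from the report; the npm package
name is NOT given on the page, so NPM_CLIENT_PACKAGE is an assumed placeholder
to replace with the real name from the advisory.
"""
import json
import re

# Assumed placeholder: the page does not name the npm package.
NPM_CLIENT_PACKAGE = "dydx-v4-client-js"
PYPI_CLIENT_PACKAGE = "dydx-v4-client"

# Versions reported as infected, keyed by (ecosystem, package name).
BAD_VERSIONS = {
    ("npm", NPM_CLIENT_PACKAGE): {"3.4.1", "1.22.1", "1.15.2", "1.0.31"},
    ("pypi", PYPI_CLIENT_PACKAGE): {"1.1.5.post1"},
}


def normalize_pypi_version(version):
    """Canonicalise the post-release spelling the way PEP 440 does.

    pip treats 1.1.5post1, 1.1.5-post1 and 1.1.5.post1 as the same release,
    so an audit that only string-matches one spelling misses the others.
    Only the post-release rule is handled here; use the `packaging` library
    for a full PEP 440 parser in production.
    """
    v = version.strip().lower()
    return re.sub(r"[._-]?post", ".post", v)   # "1.1.5post1" -> "1.1.5.post1"


def normalize_pypi_name(name):
    """PEP 503 name normalisation: Dydx_V4_Client == dydx-v4-client."""
    return re.sub(r"[-_.]+", "-", name).lower()


def scan_package_lock(lock_text):
    """Yield (name, version) for every package in a v2/v3 package-lock.json."""
    lock = json.loads(lock_text)
    for path, entry in lock.get("packages", {}).items():
        if not path:  # "" is the root project itself, not a dependency
            continue
        # Nested installs look like node_modules/a/node_modules/b: keep the tail,
        # so a copy pulled in transitively is still caught.
        name = path.rsplit("node_modules/", 1)[-1]
        yield name, entry.get("version", "")


def scan_requirements(req_text):
    """Yield normalised (name, version) for exact pins in a requirements file."""
    for line in req_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        m = re.match(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*==\s*([^\s;]+)", line)
        if m:
            yield normalize_pypi_name(m.group(1)), normalize_pypi_version(m.group(2))


def find_compromised(lock_text, req_text):
    """Return a sorted list of (ecosystem, name, version) hits against BAD_VERSIONS."""
    hits = set()
    for name, version in scan_package_lock(lock_text):
        if version in BAD_VERSIONS.get(("npm", name), ()):
            hits.add(("npm", name, version))
    for name, version in scan_requirements(req_text):
        if version in BAD_VERSIONS.get(("pypi", name), ()):
            hits.add(("pypi", name, version))
    return sorted(hits)


# Constructed sample inputs (not real project files).
SAMPLE_PACKAGE_LOCK = json.dumps({
    "name": "my-bot",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "my-bot", "version": "0.1.0"},
        "node_modules/" + NPM_CLIENT_PACKAGE: {"version": "1.22.1"},
        "node_modules/left-pad": {"version": "1.3.0"},
        "node_modules/some-dep/node_modules/" + NPM_CLIENT_PACKAGE: {"version": "3.3.0"},
    },
})

SAMPLE_REQUIREMENTS = """\
# Constructed requirements.txt
requests==2.32.3
Dydx_V4_Client==1.1.5post1   # spelling exactly as it appears in the advisory
"""

if __name__ == "__main__":
    for hit in find_compromised(SAMPLE_PACKAGE_LOCK, SAMPLE_REQUIREMENTS):
        print("COMPROMISED:", *hit)
```

In a real repository the inputs are the checked-in package-lock.json and either requirements.txt or the output of `pip freeze`, which uses the same `name==version` form. The lockfile scan walks nested `node_modules` paths on purpose: a clean top-level pin does not help if a transitive dependency drags in one of the infected releases.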
dYdX is a decentralized exchange for trading derivatives, specifically perpetual futures: contracts with no expiry date that let traders take positions on whether an asset's price will rise or fall. This is commonly called "perpetual trading." Over its lifetime the exchange has processed more than $1.5 trillion in trading volume, and it typically handles between $200 million and $540 million a day. It also carries roughly $175 million in open interest, the total value of positions currently open.
The exchange publishes client libraries for third-party developers to build trading bots, automated strategies, and backend services. The critical danger is that these tools routinely handle private keys and seed phrases in order to sign transactions. A seed phrase is a secret string of words that serves as the master key to a cryptocurrency wallet: anyone who obtains it can derive the wallet's private keys and move every asset it holds. A malicious dependency runs with the same privileges as the application that imports it, so nothing separates it from those secrets.