Several crypto npm packages published by a prominent cryptocurrency exchange have been compromised and modified to include malicious code.
The dYdX decentralised cryptocurrency exchange (DEX) tweeted about the breach and its remediation efforts.
It tweeted at 6:14 AM EST that it had “discovered malicious versions published to a number of dYdX NPM packages that were swiftly withdrawn”, adding that it can guarantee that funds in smart contracts and on websites where they are stored are safe.
Multiple packages distributed malware
The company added, “Reminder that dYdX does not hold custody of user funds, which are deposited directly to a smart contract on the blockchain,” to further explain how users’ money is kept safe.
Maciej Mensfeld, a researcher at the security companies Mend and Diffend.io, discovered the malware in some of the packages. He identified three compromised packages intended for use in identity theft operations:
- @dydxprotocol/solo – versions 0.41.1, 0.41.2
- @dydxprotocol/perpetual – versions 1.2.2, 1.2.3
Another allegedly compromised package, ‘@dydxprotocol/node-service-base-dev’, has since been removed from the npm registry.
The crypto npm packages are described as an “Ethereum Smart Contracts and TypeScript library used for the dYdX Solo Trading Protocol”. According to the original report, the solo package is used by “several crypto platforms” and by at least 44 different GitHub repositories.
Threat actors have apparently tried to embed this particular piece of malware into legitimate packages before. According to BleepingComputer, “strikingly identical” code was found in the malicious “PyGrata” Python packages, which stole AWS credentials, environment variables, and SSH keys.
Malicious actors frequently target code repositories, publishing fake versions of popular packages under similar names in the hope that overworked or careless developers will pick the fake one.