Malicious packages for dYdX cryptocurrency exchange empty user wallets

Cyber Thieves Steal Wallets on Popular Cryptocurrency Exchange, Using Malicious Packages Published on Public Repositories.

A sophisticated cyber attack has hit the cryptocurrency exchange dYdX, with hackers using malicious packages published on public repositories to steal wallet credentials and backdoor devices. Researchers from security firm Socket have warned that every application using compromised npm versions is at risk of complete wallet compromise and irreversible cryptocurrency theft.

The attack was carried out by stealing seed phrases that underpin wallet security, along with device fingerprints, which allowed the threat actors to track victims across multiple compromises. The malicious code embedded a function in legitimate packages, allowing the thieves to exfiltrate sensitive information, including private keys and API credentials.

The packages were published on npm and PyPI repositories using official dYdX accounts, suggesting that they were compromised and used by the attackers. This is not the first time dYdX has been targeted in a cyber attack; previous incidents include malicious code uploaded to the npm repository in September 2022 and the commandeering of the dYdX v3 website through DNS hijacking in 2024.

The latest attack highlights a persistent pattern of adversaries targeting dYdX-related assets through trusted distribution channels. Researchers have warned that anyone using the platform should carefully examine all apps for dependencies on the malicious packages listed above, as they could be vulnerable to similar attacks.

The attackers used a remote access Trojan (RAT) that allowed them to execute new malware on infected systems, receive Python code from a C2 server, and run it in an isolated subprocess with no visible output. They also stole SSH keys, API credentials, and source code, and installed persistent backdoors.

This incident serves as a reminder of the importance of keeping software up-to-date and being cautious when using third-party libraries and dependencies to avoid falling prey to similar attacks.
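The dependency check the researchers recommend can be scripted against lockfiles. The sketch below is an added example, not code from the article or from Socket: it walks an npm `package-lock.json` (including transitive installs) and pinned `requirements.txt` lines. The package names and versions are placeholders, because the article does not list the affected releases, and the sample inputs are constructed.

```python
import json
import re

# Placeholder advisory data: the article does not list the affected package
# names or versions, so substitute the values from the published advisory.
NPM_BAD = {"@example-org/placeholder-client": {"9.9.1", "9.9.2"}}
PYPI_BAD = {"placeholder-client": {"9.9.1"}}


def scan_npm_lock(lock_text, bad=NPM_BAD):
    """Return (install path, name, version) for every flagged entry in a
    package-lock.json (lockfileVersion 2 or 3), transitive ones included."""
    lock = json.loads(lock_text)
    hits = []
    for path, meta in lock.get("packages", {}).items():
        # The package name is whatever follows the last "node_modules/";
        # aliased installs carry an explicit "name" field instead.
        name = meta.get("name") or path.rsplit("node_modules/", 1)[-1]
        if meta.get("version") in bad.get(name, ()):
            hits.append((path, name, meta["version"]))
    return hits


def scan_requirements(req_text, bad=PYPI_BAD):
    """Return (name, version) for flagged 'name==version' pins."""
    hits = []
    for line in req_text.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.match(r"([A-Za-z0-9._-]+)(?:\[[^\]]*\])?\s*==\s*([^\s;]+)", line)
        if not m:
            continue
        # PEP 503 normalisation: case-insensitive, runs of -_. are equal.
        name = re.sub(r"[-_.]+", "-", m.group(1)).lower()
        if m.group(2) in bad.get(name, ()):
            hits.append((name, m.group(2)))
    return hits


# Constructed sample inputs (not taken from any real project).
SAMPLE_LOCK = json.dumps({"lockfileVersion": 3, "packages": {
    "": {"name": "my-app", "version": "1.0.0"},
    "node_modules/left-helper": {"version": "2.0.0"},
    "node_modules/left-helper/node_modules/@example-org/placeholder-client":
        {"version": "9.9.2"},
    "node_modules/@example-org/placeholder-client": {"version": "9.8.0"},
}})
SAMPLE_REQS = "requests==2.31.0\nPlaceholder_Client==9.9.1  # pinned\n"

if __name__ == "__main__":
    print(scan_npm_lock(SAMPLE_LOCK), scan_requirements(SAMPLE_REQS))
```

A hit on a nested path means the flagged release arrived through another dependency, so a clean top-level `package.json` is not enough to rule it out.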
 
omg u guyz this is soooo messed up 🤯 dYdX got hacked AGAIN lol how many times do they gotta get pwned lol they use public repos to publish their own malicious packages who does that? 😂 anyway its super easy for ppl to fall victim if they dont keep their software updated & check 4 any suspicious dependencies u should def do urself a favor & delete those packages ASAP 💻 also dont even get me started on those seed phrases 🤯 how hard is it 2 remember ur seed phrase lol
 
Ugh, this is just so messed up 🤯! These cyber thieves are like total villains in my eyes 😡. I mean, who does that?! They're basically stealing people's lives and fortunes 💸. One minute you're using your crypto exchange, the next minute your wallet is empty and you're left with nothing 🤑. And it's not just the money, it's the emotional toll too... like, can you imagine having to deal with the stress of losing all that? 😓

And what really gets my goat is that they're using public repositories to spread their malicious code 🤦‍♂️. Like, come on! If you're going to do something wrong, at least have the decency to keep it private, right? But no, these thieves just go ahead and publish their evil plans online for everyone to see 📣.

And the worst part is that they used a RAT to execute new malware... that's like, so malicious 😈. I mean, what even is the point of that?! They're not just stealing money and data, they're also basically taking control of people's systems 🤖.

This incident is just another reminder of how important it is to keep our software up-to-date and be careful with third-party libraries and dependencies 🔍. It's like, we all have to be vigilant against these cyber threats, or else... well, you don't even want to think about it 😨.
 
OMG, THIS IS LIKE, SO NOT COOL!!! 😱 cybersecurity is literally everyone's problem right now! idk how many ppl are gonna fall victim 2 these hackers & lose all their crypto lol what even is npm again? 🤦‍♂️ anyway seriously, this is just a big reminder to keep ur stuff updated & dont click on weird links or download sketchy apps 🚫💻

🤦‍♂️ I'm literally shaking right now after reading this news! Like, how do these people even get away with this? They published their malicious code on public repos and it was like an open invitation for hackers to come and exploit dYdX users 🚨. And the worst part is, they stole seed phrases and device fingerprints, which basically means they can track you everywhere online! I mean, I know we should be careful with our passwords and all that, but this is just ridiculous 😂. What's next? Are hackers gonna start stealing our Netflix passwords too?! 🤯 Ugh, I need to go update my software ASAP 💻🔥

😔 I'm so sorry to hear that you're dealing with this kind of stress 😬. It's just awful that these cyber thieves are preying on people's personal info and cryptocurrency wallets 🤑. I can only imagine how frustrating and scary it must be for those affected 💥. The fact that they used malicious packages published on public repositories makes me really worried about the overall security of our online world 🤯. Can you tell me more about what happened to you? Are you feeling overwhelmed or scared about your own cybersecurity?
 
OMG this is crazy 🤯 I mean, I know we've had some issues with dYdX before 🙄 but this time it's like they're making it easy for hackers to get in 😅. Like, publishing malicious code on public repos? 🚫 Come on! And now researchers are saying that anyone using the platform could be at risk 🤕. I mean, who hasn't used third-party libraries or dependencies before 🤷‍♀️? It's just so frustrating when you think you're being careful but then BAM! You've got hackers in your wallet 💸.

And can we talk about how easy it is to exploit these vulnerabilities? 🤦‍♂️ I mean, researchers are saying that every app using compromised npm versions could be at risk 🚨. That's like half the apps on my phone 📱. It's just crazy how quickly this stuff can spread 🌪️.

I guess what I'm trying to say is... we need to stay vigilant 💡. Keep our software up-to-date, check those dependencies, and don't be afraid to speak up if something seems sketchy 🔍. We all need to work together to keep ourselves safe online 🚫💻.
 
I'm really worried about these cyber attacks on cryptocurrency exchanges 🤯. I mean, think about it - if your seed phrase is stolen, you're basically out of luck. And now I've been hearing about how hackers are using public repositories like npm and PyPI to get away with this... it's just not right 😞. I've got a lot of respect for the devs at dYdX, but even they can't do everything on their own. It's all about keeping those dependencies up-to-date and being super careful when installing third-party stuff 💻.

I remember back in my coding days, we used to be so much more careful with our libraries... now it seems like anyone can just publish whatever they want 🤷‍♂️. But seriously, this is some scary stuff. I mean, if you're using dYdX or any other platform that relies on third-party code, you need to stay vigilant and keep an eye out for those malicious packages 🚨.

I know it's just one of them things - we can't let hackers scare us into doing nothing 😅... but still, it's time to get serious about security. We need better measures in place to prevent this kind of thing from happening again 💪.
 
I'm getting really worried about the security of our online wallets 🤑🔒. I mean, who would've thought that malicious packages published on public repositories like npm could be used to steal wallet credentials? It's just another example of how vulnerable we are when it comes to cybersecurity. The fact that dYdX has been targeted multiple times already is not a good sign... 🤦‍♂️ I think it's time for us to take our online security seriously and keep our software up-to-date 💻. If you're using dYdX, make sure to check all your apps for dependencies on those malicious packages listed above, or risk falling victim to similar attacks 😬.

🚨 just heard about this cyber attack on dYdX and I'm low-key freaking out 🤯 anyone else think it's crazy that hackers are publishing malicious packages on public repos? 😳 like, who does that? 🤷‍♀️ anyway, I'm totally checking my apps for any dependencies on those packages now... just had to update my browser extensions lol 💻😅
 