Feed
CriticalPublished 27 Jan 20262 packages · 6 versions

dYdX v4-client npm + PyPI compromise (wallet stealer + RAT)

Summary

Maintainer credentials for the dYdX decentralized exchange were compromised; malicious versions of the official v4 client were pushed to npm and PyPI in a coordinated release. The npm payload exfiltrates wallet seed phrases through a malicious createRegistry() function. The PyPI variant additionally drops a Python RAT executed on import.

maintainer-takeovercrypto-wallet-draincredential-theftaccount-takeover
Detected by
Socket
Ecosystems
npmPyPI
Packages tracked
2

What happened

On January 27, 2026, maintainer credentials for the official dYdX v4 client libraries were compromised. The attacker pushed coordinated malicious releases to both npm (@dydxprotocol/v4-client-js) and PyPI (dydx-v4-client) within a short window — the kind of cross-ecosystem timing that only works if the attacker is sitting on real publishing rights, not running a typosquat.

The npm payload is centred on a malicious createRegistry() helper that hooks the wallet flow and exfiltrates any seed phrase passed through dYdX SDK calls. The PyPI variant carries the same wallet-stealing logic plus a Python RAT triggered at import time, so simply running pip install on a dependency tree that resolves the bad version is enough.

Obfuscation density on both payloads is significantly higher than typical typosquat malware, which matches the publishing-account-takeover hypothesis. Socket linked the deobfuscated control flow back to the same operator infrastructure observed in earlier 2025 wallet-drainer campaigns.

If you maintain a downstream dYdX integration, treat any host that built against the malicious versions as compromised for crypto assets: transfer funds from a clean device first, then rotate API keys handled on that workstation.

Affected packages (2)

  • npm@dydxprotocol/v4-client-js
    1.0.311.15.21.22.13.4.1
  • PyPIdydx-v4-client
    1.1.5.post11.1.5post1

Impact

  • Cryptocurrency wallet seed-phrase theft from any downstream dYdX integrator
  • Remote command execution on Python hosts importing the package
  • High-iteration obfuscation suggests publishing-infrastructure access, not typosquat

What to do

  1. 1Isolate any machine that installed the malicious versions; transfer crypto from a clean device
  2. 2Rotate API keys and credentials handled on the affected developer workstation
  3. 3Reinstall only from versions verified against the official dYdX GitHub repository

References

multi-2026-01-27-dydx-compromise