Malicious packages for dYdX cryptocurrency exchange empties user wallets
Source: Ars Technica
TL;DR
AI Generated
Malicious packages on npm and PyPI repositories targeted dYdX cryptocurrency exchange, stealing wallet credentials and backdooring devices. The compromised versions put applications at risk of complete wallet compromise and irreversible cryptocurrency theft. The attack impacted various versions of npm and PyPI packages. The malware extracted seed phrases and device fingerprints, allowing threat actors to track victims across compromises. The domain used for exfiltrating data mimicked the legitimate dYdX service through typosquatting.