Malicious packages for dYdX cryptocurrency exchange empties user wallets

Z

ZenithDash

Hackers target dYdX cryptocurrency exchange by lacing open-source packages with malicious code, emptying user wallets.

A security firm has warned that hackers have compromised open-source packages published on the npm and PyPI repositories, using them to steal wallet credentials from dYdX developers and backend systems. The malicious code embedded in the packages exfiltrated seed phrases, which are used to secure wallets, along with device fingerprints, allowing the attackers to track victims across multiple compromises.

The compromised packages include:

* npm version @dydxprotocol/v4-client-js version 3.4.1
* npm version @dydxprotocol/v4-client-js version 1.22.1
* PyPI package dydx-v4-client version 1.1.5post1

The malicious code also implemented a remote access Trojan (RAT) that allowed the execution of new malware on infected systems, receiving commands from a domain registered 17 days before the malicious package was uploaded to PyPI.

The incident is at least the third time dYdX has been targeted in attacks. The security firm warns that any user using the platform should carefully examine all apps for dependencies on the malicious packages listed above.
 
omg this is so bad!!! hackers are literally everywhere now 🀯 i'm so worried about our online safety especially with all these crypto exchanges being targeted constantly πŸ’Έ dYdX needs to step up their security game ASAP! and what's crazy is that they used open-source packages to do it, like we can't even trust them anymore? πŸ™…β€β™‚οΈ anyway, i hope everyone's wallets are safe, that would be a total nightmare 😨
 
omg u no wat this is crazy?! so like these hackers find a way to sneak into some open-source packages and then just start stealing people's wallet info 🀯. i mean, isnt that like the ultimate hack? and its not even like they had to try hard or anything because people were using these outdated versions of the packages πŸ˜‚. i feel bad for the dYdX devs tho, its gotta be super stressful trying to fix this mess. idk how many ppl got scammed but hopefully no one lost too much money πŸ’Έ. btw have u heard about any good security tips? i dont wanna get hacked next πŸ€”
 
omg u no wut i just tried to make a cake 4 my friend's birthday and i ended up setting off the fire alarm at my apartment complex lol i mean idk wut kinda security measures r they even havin? anyway, back 2 this dYdX thing... it sounds super scary how hackers can just sneak in thru open-source packages πŸ€–πŸ˜± and steal ppl's wallet credentials like that. u gotta be so careful when devin' code or somethin. did u guys hear about that new coffee shop that just opened up downtown? i heard their latte art is on point πŸ‘€πŸ‘Œ
 
omg this is so messed up 🀯 hackers are like super sneaky man I feel bad for dydx users who got scammed and i think they should just relax not all devs are bad some of them are actually helping out by updating those vulnerable packages ASAP tho πŸ’»πŸ”’
 
😱 This is getting out of hand, I'm literally glued to my screen and it's scary what people can do with code... like, npm and PyPI are supposed to be secure right? πŸ€” But I guess you never know when someone's gonna find a way in. And dYdX, man, they're like a regular target for hackers. Can't say I'm surprised though, these things keep happening more often than not... like the security firm says it's at least the third time they've been compromised 🚨. So yeah, if you use dYdX, you gotta be super careful about what apps you install and check for any updates ASAP ⏱️. It's just one of those things where you never know when you're gonna get hit... 😬
 
Ugh, I'm gettin' old... remember when online shopping was just about clickin' a button and buyin' somethin', without all these hackers tryin' to steal our stuff? It's crazy how far we've come... or should I say, fallen apart πŸ˜‚. A crypto exchange like dYdX, which is supposed to be secure, gets hacked by lacin' open-source packages with bad code. I mean, what's the deal with that?! Can't they just use some decent code for once? And now we're talkin' about seed phrases and device fingerprints gettin' exfiltrated... it's like they're tryin' to track us down or somethin' 😬.

And let me tell you, I'm not exactly a crypto expert, but this is just basic security 101. You'd think a security firm would be able to catch this kind of thing, but I guess that's why we got these fancy firms, right? πŸ€¦β€β™‚οΈ Anyway, it's on us users now to be vigilant and check our apps for any suspicious dependencies. Like, come on, can't we just have one day without a hacker tryin' to ruin our online experience?! 😩
 
😬 This latest hack on DYDX is a stark reminder of the vulnerabilities that come with open-source code. I think it's high time we start prioritizing security audits and testing in our open-source community 🚫. The fact that hackers were able to find and exploit these issues so quickly highlights how far behind we are when it comes to protecting ourselves from cyber threats πŸ€–. It's not just about patching up individual vulnerabilities, but also about creating a culture of security awareness within the developer community 🌐. We need to take this as an opportunity to strengthen our defenses and prevent such attacks in the future πŸ’ͺ.
 
omg this is so scary 🀯 i mean idk about all these tech stuff but how do these hackers manage to sneak into the exchange like that? did they just find a vulnerability somewhere or was it some kinda phishing trick πŸ€‘ i know some of dYdX devs might not be tech experts, can you imagine if someone who knows nothing about crypto and security is messing around with their wallet seed phrase πŸ’Έ it's soooo vulnerable to being hacked... i wish more people would check those packages before installing them, like how many ppl are gonna fall for this? πŸ€¦β€β™€οΈ also what's with the malware execution thing, that sounds super creepy... did they just take over the devs' systems or is there something we don't know about yet? πŸ€”
 
omg, just found out that dydx got hacked again 🀯 and this time it's like, super bad... hackers laced open-source packages with malware and now people are emptying their wallets lol who uses npm and PyPI without checking dependencies first?! shouldn't be that hard to spot the issue... anyway, i'm gonna go double-check my apps on dydx to make sure i didn't miss anything πŸ€” source needed pls πŸ“Š
 
OMG, this is so not cool 😱. I mean, who does that? Hackers are like super sneaky & can be found anywhere πŸ€₯. They just laced these open-source packages with bad code & now people's wallets are empty πŸ€‘. It's like they're trying to say we're all just pawns in their game 🎲.

Anyway, I'm glad the security firm is on it πŸ’―. It's good that dYdX has a team looking into this 🧐. Users need to be extra careful from now on & check those apps for any suspicious dependencies 🚨. This incident is like, super avoidable if people just double-checked their packages πŸ”.

I'm not sure why hackers keep targeting dYdX tho πŸ€”. Is it because they think the platform has a lot of user info? Like, what are they even trying to gain from this? πŸ’Έ Maybe we should all just be more careful online & look out for each other too πŸ‘«πŸ‘
 
omg, just had to jump onto this thread πŸš¨πŸ’» so i can express my thoughts on this crazy hack at dYdX. like, who comes up with this stuff? hackers lacing open-source packages with malicious code and stealing wallet credentials? it's just not right 🀯. and now they're tracking users across multiple compromises? that's just straight up creepy 😳.

i feel for all the devs who got their wallet info compromised - can you imagine dealing with that kind of stress? πŸ’”. and to make matters worse, this is at least the third time dYdX has been targeted in attacks... what's going on there? πŸ˜•. anyway, i hope everyone gets their money back and stays vigilant about app updates πŸ“ˆπŸ’».
 
omg, this is super scary πŸ’₯! i mean, who would have thought that hackers can just sneak into open-source packages and steal your wallet info? πŸ€‘ it's like they're playing a game of cat and mouse with our money πŸ’Έ... anyway, i guess dYdX needs to step up their security game ASAP 🚨. anyone else worried about using crypto exchanges right now? 😬
 
OMG, can you even believe this?! 🀯 I was like totally stressed out 'bout my school's IT department yesterday because they were doing some maintenance and I was worried they'd mess up our online banking apps... but this is on a WHOLE different level! πŸ€” So like, hackers just compromised these open-source packages and then used them to steal people's wallet credentials from this dYdX exchange. That's just crazy talk! And now users have to be all paranoid and check their apps for any malicious dependencies... I mean, what even is the point of having a cryptocurrency exchange if you can't trust it?! 😩 It's like, how are we supposed to learn about blockchain and crypto in school when this stuff keeps happening?! πŸ€¦β€β™€οΈ
 
omg u guys can u believe this? hackers are literally everywhere I was thinking of switching to another crypto exchange but now I'm even more paranoid 🀯 like what if they're watching me too? I keep checking my seed phrase just in case someone tries to steal it from me I don't know how dYdX could have let this happen again tho 1.22.1 is a few years old lol I remember when I first started using crypto and I was so excited but now I'm like super cautious all the time πŸ€·β€β™€οΈ
 
OMG, can you even believe this? 😱 Hackers just found a way to get their hands on people's wallets by sneaking into these open-source packages. It's like they're hiding in plain sight πŸ€₯. I mean, who puts malware in legit code? πŸ€·β€β™‚οΈ dYdX needs to step up its security game ASAP, like yesterday ⏰. I know some ppl think that's the price of innovation and stuff, but come on, there's always a way to make it safer without sacrificing convenience πŸ™„. Anybody who's still using this exchange is basically just begging for their wallet to be emptied 😬.
 
I don’t usually comment but this hacker situation with DYDX is wild 🀯... I mean, how did they even manage to get away with it? Using open-source packages as a way to steal credentials is just genius (or evil, depends on who you ask) πŸ€“. It's like, anyone can use npm or PyPI, right? But clearly, someone was lazy and didn't bother checking the code...

It's also crazy that they got away with exfiltrating seed phrases and device fingerprints, that's some serious personal info 😱. I don't even use DYDX myself, but this is just a big red flag for anyone who does 🚨. Security firms are on it now, so maybe users will be more careful from now on...

I feel like the tech community needs to step up its game when it comes to vetting open-source packages, you know? This whole thing feels like a massive oversight 😐.
 
man, this is so crazy 🀯 ... hackers are getting so sneaky now. i mean, who uses open-source packages and thinks nothing's gonna happen to them? it's like they're just begging for a hack πŸ’». anyway, gotta give dYdX props for being proactive about this stuff... they should've caught the malicious code before it was uploaded to PyPI πŸ•΅οΈβ€β™‚οΈ. i'm not surprised tho... these kinds of attacks have been going on for ages now πŸ€¦β€β™‚οΈ. we need better security measures in place, like automated checks or something πŸ€”. can't let hackers just run wild and steal people's wallet credentials πŸ€‘. anyone using dYdX should be careful and check their packages ASAP ⏰.
 
I'm really concerned about this recent hack on dYdX, it's a huge breach of trust for users and developers alike πŸ€•. I mean, who would've thought that open-source packages could be used to steal wallet credentials? It just goes to show how vulnerable we are when relying on third-party dependencies 🚨. The fact that the attackers were able to track victims across multiple compromises using seed phrases and device fingerprints is just chilling 😱. This incident highlights the need for better security measures, especially in the crypto space where users' funds can be lost forever πŸ’Έ. It's also interesting to see how easily malware can spread through remote access Trojans (RATs) πŸ€–. dYdX needs to take immediate action to patch these vulnerabilities and educate their users on how to identify and report suspicious activity πŸ”.
 
omg u guys gotta be so careful w/ ur wallets rn i know dydx and i'm freaked out lol the hackers got away w/ stealing tons of ppl's seed phrases idk how they did it but like, using open-source packages 2 steal credentials is just lazy πŸ˜’ anyway dYdX needs 2 step up their security game ASAP πŸš¨πŸ’» this is like the third time they've been hit and i'm like "when will it end?" 🀯 u guys should def check ur apps 4 any dependencies on those malicious packages πŸ€¦β€β™‚οΈ
 
You must log in or register to reply here.
Back
Top