dYdX npm hack

Updated on 2022-09-28: npm malware

Twenty-three JavaScript libraries were removed from the npm portal over the past two days after researchers found malware hidden in their code. See the list here.

Updated on 2022-09-23: Compromised npm Packages Affect Cryptocurrency Projects

Multiple npm packages used by cryptocurrency projects have been compromised and are installing information stealers. The compromised packages “were published from the npm account of a dYdX staff member and found to contain illicit code.”


  • Mitigations to prevent account takeover of your repository are known. Make sure that only your vetted code is committed. Make sure that you have visibility into all updates, then follow up on unexpected or oddly timed updates.



A threat actor compromised the npm account of a developer at cryptocurrency platform dYdX and published malicious code in two of the company’s JavaScript libraries—solo and perpetual.

The incident was first spotted by Polish security researcher Maciej Mensfeld, and the company acted within hours to secure its libraries.

