
dYdX npm hack

Updated on 2022-09-28: npm malware

Twenty-three JavaScript libraries were removed from the npm portal over the past two days after researchers found malware hidden in their code. See the list here.

Updated on 2022-09-23: Compromised npm Packages Affect Cryptocurrency Projects

Multiple npm packages used by cryptocurrency projects have been compromised and are installing information stealers. The compromised packages “were published from the npm account of a dYdX staff member and found to contain illicit code.”


  • Mitigations that prevent account takeover for your repository are known. Make sure that only your vetted code is committed. Make sure that you have visibility into all updates, then follow up on unexpected or oddly timed updates.
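
One way to act on the advice above about unexpected or oddly timed updates, as an added example that is not part of the original article: it reads the `time` map from a package's npm registry metadata and flags releases published outside the team's usual hours or in quick succession. The package name, versions, timestamps and policy thresholds are constructed assumptions.

```javascript
// Constructed sample: the `time` map of an npm packument (registry metadata).
// Package name, versions and timestamps are invented for illustration.
const samplePackument = {
  name: "@example/lib",
  time: {
    created: "2022-01-10T15:02:11.000Z",
    modified: "2022-09-23T03:20:40.000Z",
    "1.0.0": "2022-01-10T15:02:11.000Z",
    "1.0.1": "2022-03-04T16:40:00.000Z",
    "1.1.0": "2022-06-21T14:05:30.000Z",
    "1.1.1": "2022-09-23T03:12:09.000Z",
    "1.1.2": "2022-09-23T03:20:40.000Z",
  },
};

// Policy values are assumptions; tune them to your team's release habits.
const DEFAULT_POLICY = {
  workHoursUtc: [13, 23], // releases normally go out between 13:00 and 23:00 UTC
  burstMinutes: 30,       // two publishes closer together than this are a burst
};

function flagOddPublishes(packument, policy = DEFAULT_POLICY) {
  // Keep only version entries, parse their timestamps, order by publish time.
  const releases = Object.entries(packument.time)
    .filter(([key]) => key !== "created" && key !== "modified")
    .map(([version, iso]) => ({ version, at: new Date(iso) }))
    .filter((r) => !Number.isNaN(r.at.getTime()))
    .sort((a, b) => a.at - b.at);

  const [start, end] = policy.workHoursUtc;
  const findings = [];
  releases.forEach((rel, i) => {
    const reasons = [];
    const hour = rel.at.getUTCHours();
    if (hour < start || hour >= end) reasons.push("outside-usual-hours");
    const prev = releases[i - 1];
    if (prev && (rel.at - prev.at) / 60000 < policy.burstMinutes) {
      reasons.push("burst-after-" + prev.version);
    }
    if (reasons.length) {
      findings.push({ version: rel.version, publishedAt: rel.at.toISOString(), reasons });
    }
  });
  return findings; // each finding is a prompt for human follow-up, not a verdict
}

console.log(flagOddPublishes(samplePackument));
```

For a real package, `npm view <package> time --json` prints the same `time` map, which can be wrapped as `{ time: ... }` and passed to the function.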



A threat actor compromised the npm account of a developer at cryptocurrency platform dYdX and published malicious code in two of the company’s JavaScript libraries—solo and perpetual.


The incident was first spotted by Polish security researcher Maciej Mensfeld, and the company acted within hours to secure its libraries.

