npm packages used by crypto exchanges compromised (Security News, September 2022)

Multiple npm packages published by the crypto exchange dYdX and used by at least 44 cryptocurrency projects appear to have been compromised.
The packages in question were published from the npm account of a dYdX staff member and were found to contain illicit code that would run infostealers on a system when installed.
Security researcher Maciej Mensfeld, of software supply chain security firm Mend and creator of Diffend.io, reported coming across multiple npm packages that were compromised and were covertly installing infostealers.
These packages make up the "Ethereum Smart Contracts and TypeScript library used for the dYdX Solo Trading Protocol."
The solo package, for example, is used by at least 44 GitHub repositories belonging to multiple crypto platforms.
Php -d "Textdata=' + allen + '"').
BleepingComputer observed that the malicious code is strikingly identical to code seen in the past in the malicious 'PyGrata' Python packages, which also stole the victim's AWS credentials, environment variables, and SSH keys.
News URL
https://www.bleepingcomputer.com/news/security/npm-packages-used-by-crypto-exchanges-compromised/