
npm packages used by crypto exchanges compromised
2022-09-23 16:31

Multiple npm packages published by the crypto exchange dYdX and used by at least 44 cryptocurrency projects appear to have been compromised.

The packages in question were published from the npm account of a dYdX staff member and were found to contain illicit code that would run infostealers on a system when installed.

Security researcher Maciej Mensfeld, of software supply chain security firm Mend and creator of Diffend.io, reported coming across multiple npm packages that had been compromised and were covertly installing infostealers.

These packages make up the "Ethereum Smart Contracts and TypeScript library used for the dYdX Solo Trading Protocol."

The solo package, for example, is used by at least 44 GitHub repositories belonging to multiple crypto platforms.

BleepingComputer observed that the malicious code is strikingly identical to code seen in the past in the malicious 'PyGrata' Python packages, which also stole the victim's AWS credentials, environment variables, and SSH keys.


News URL

https://www.bleepingcomputer.com/news/security/npm-packages-used-by-crypto-exchanges-compromised/