Saved February 14, 2026
Do you care about this?
Researchers found that open source packages on npm and PyPI were infected with malware that stole wallet credentials from dYdX developers and users. The malicious code captured seed phrases and device fingerprints, leading to potential irreversible theft of cryptocurrency. The attack affected multiple versions of the compromised packages.
If you do, here's more
Open source packages on npm and PyPI were found to contain malicious code that targeted dYdX developers and backend systems. The security firm Socket reported that these compromised packages stole wallet credentials, leading to complete wallet compromise and irreversible cryptocurrency theft. Developers using the infected versions, as well as end-users of applications relying on these packages, are at risk. Specific versions of the npm package (@dydxprotocol/v4-client-js) affected include 3.4.1, 1.22.1, 1.15.2, and 1.0.31, while the PyPI package (dydx-v4-client) version 1.1.5post1 was also compromised.
dYdX operates as a decentralized derivatives exchange, facilitating perpetual trading across numerous markets. The exchange has seen over $1.5 trillion in trading volume, averaging between $200 million and $540 million daily. Its infrastructure allows third-party applications to connect for trading bots and automated strategies, which handle sensitive information like mnemonics and private keys.
The malware embedded in the npm packages activated a malicious function when processing a wallet's seed phrase, exfiltrating it along with a device fingerprint. This fingerprint enabled attackers to link stolen credentials and track victims across various breaches. The malicious domain used for this attack was dydx[.]priceoracle[.]site, designed to mimic the legitimate dYdX site to trick users.
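A defensive check for the versions listed above, added here as an example (not code from Socket, dYdX or the article): it scans `package-lock.json` text and `pip freeze` output for the affected releases. The function names are this example's own, and the PyPI match accepts both `1.1.5post1` as written above and the normalized spelling `1.1.5.post1`.

```python
import json
import re

# Package names and versions exactly as listed in the article above.
AFFECTED = {
    "npm": {"@dydxprotocol/v4-client-js": {"3.4.1", "1.22.1", "1.15.2", "1.0.31"}},
    "pypi": {"dydx-v4-client": {"1.1.5post1"}},
}

def _norm_py(name, version):
    # PEP 503 name normalization. PEP 440 writes "1.1.5post1" as "1.1.5.post1",
    # so drop the optional separator before "post" to match either spelling.
    name = re.sub(r"[-_.]+", "-", name).lower()
    return name, re.sub(r"[.\-_]?post", "post", version.lower())

def scan_package_lock(text):
    """Return sorted (name, version, location) hits from package-lock.json text."""
    lock, hits = json.loads(text), set()
    def bad(name, meta):
        return meta.get("version") in AFFECTED["npm"].get(name, ())
    def walk(deps, trail):  # lockfileVersion 1: nested "dependencies" trees
        for name, meta in deps.items():
            if bad(name, meta):
                hits.add((name, meta["version"], trail + name))
            walk(meta.get("dependencies", {}), trail + name + " > ")
    if "packages" in lock:  # lockfileVersion 2/3: flat map keyed by install path
        for path, meta in lock["packages"].items():
            name = meta.get("name") or path.rpartition("node_modules/")[2]
            if bad(name, meta):
                hits.add((name, meta["version"], path))
    else:
        walk(lock.get("dependencies", {}), "")
    return sorted(hits)

def scan_pip_freeze(text):
    """Return (name, version) hits from `pip freeze` output or pinned requirements."""
    bad = {_norm_py(n, v) for n, vs in AFFECTED["pypi"].items() for v in vs}
    hits = []
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z0-9._-]+)\s*==\s*([^\s;#]+)", line)
        if m and _norm_py(*m.groups()) in bad:
            hits.append(m.groups())
    return hits

if __name__ == "__main__":
    # Constructed sample input, not taken from any real project.
    print(scan_pip_freeze("requests==2.31.0\ndydx_v4_client==1.1.5.post1\n"))
```

The scan only reads pinned versions recorded in lockfiles and freeze output; it does not inspect installed package contents.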