Researchers found that open source packages on npm and PyPI were infected with malware that stole wallet credentials from dYdX developers and users. The malicious code captured seed phrases and device fingerprints, leading to potential irreversible theft of cryptocurrency. The attack affected multiple versions of the compromised packages.