Скачать или смотреть dYdX Packages Turn Malicious: How One Update Steals Wallets [Prime Cyber Insights]

Compromised dYdX client libraries on npm and PyPI were updated with malware designed to steal wallet seed phrases—and in the Python variant, a RAT capable of executing remote commands as soon as the package is imported. If you installed the impacted versions, response should be treated as both credential compromise and potential host compromise: isolate systems, move funds using a clean machine, and rotate API keys and secrets. We also break down CISA’s new binding directive ordering U.S. federal agencies to identify and replace end-of-support edge devices—firewalls, routers, VPN gateways, and other perimeter systems that attackers increasingly use as reliable entry points.


Topics Covered
🔒 Open-source supply chain compromise in npm and PyPI packages
🚨 Wallet-stealer + RAT behavior, indicators, and why “import-time” execution matters
🛡️ Practical incident response steps: isolation, key rotation, wallet migration, and dependency pinning
🌐 CISA’s end-of-support edge device directive and the risk of unpatched perimeter gear
📊 “Phantom packages” and npx confusion: how unclaimed names become code execution


Disclaimer: This episode is for informational purposes only and does not constitute legal, financial, or security advice.


Neural Newscast is AI-assisted, human reviewed. View our AI Transparency Policy at NeuralNewscast.com.



• (00:00) - Introduction


• (00:30) - dYdX npm & PyPI Malware: Wallet Stealer and RAT


• (00:52) - CISA Orders Removal of End-of-Support Edge Devices


• (01:11) - Conclusion