Malicious packages for dYdX cryptocurrency exchange empties user wallets

February 7, 2026

Here’s something that’ll make anyone holding crypto nervous — malicious open-source packages on npm and PyPI were used to steal wallets from dYdX users. Imagine developers unknowingly installing code that’s basically a digital thief. According to Dan Goodin writing for Ars Technica, researchers from Socket found the malware was embedded in popular packages, giving hackers direct access to wallet credentials and even backdoors into devices. Now, here’s where it gets wild — any application relying on those compromised packages was vulnerable, meaning both real-world users and developers testing with real credentials were at risk of total crypto theft. The attack isn’t just a small breach; it’s a full-blown wallet vacuum. So what does this mean for you? It’s a stark reminder that open-source code isn’t as safe as you might think — and in the crypto world, one wrong line can cost everything. Keep your guard up, because the next breach could be just a package away.

Open source packages published on the npm and PyPI repositories were laced with code that stole wallet credentials from dYdX developers and backend systems and, in some cases, backdoored devices, researchers said.

“Every application using the compromised npm versions is at risk ….” the researchers, from security firm Socket, said Friday. “Direct impact includes complete wallet compromise and irreversible cryptocurrency theft. The attack scope includes all applications depending on the compromised versions and both developers testing with real credentials and production end-users.”

Packages that were infected were:
