dYdX users at risk as compromised npm and PyPI packages drain crypto wallets

Security firm Socket reported that attackers have compromised official dYdX-related packages on npm and PyPI, stealing wallet seed phrases and other credentials from developers and users. The malicious code allegedly enabled complete wallet takeover, crypto theft, and remote execution of additional malware by communicating with a typosquatted domain linked to dYdX services.