The malicious code was discovered earlier today by cybersecurity researcher Maciej Mensfeld. It could put dozens of crypto services and platforms at risk, including DyDx, one of the giants of the decentralized finance sector. DyDx was quick to report that fixes had been applied; however, the threat appears to be serious and requires maximum vigilance.
Crypto Ecosystem Cyber Alert
Earlier in the day, IT security specialist Maciej Mensfeld of cybersecurity company Mend said his investigation had led to the discovery of a potentially malicious npm package.
Initially available in the open source DEX (decentralized exchange) DyDx, this code, exposed on GitHub by Mensfeld, is said to contain enough to divert sensitive user information from the platforms on which it is deployed.
The “custom npm package” contains the Ethereum and TypeScript smart contract library. It looks like it was originally provided by a DyDx employee. However, hidden at the heart of this package is malicious code that aims to extract confidential information about users and send it to a third party's IP address.
Although the details have not yet been released, this package could have been deployed to over 40 other crypto platforms.
The DyDx team reported 2 hours after the warning that a fix had been made. The platform stressed that neither user funds nor smart contracts on the decentralized exchange have been compromised.