Popular Cryptocurrency Exchange dYdX Has Had Its NPM Account Hacked

PSingle Author Uploaded 168 Packages To NPM
Table of Contents

San Francisco-based dYdX, a widely used decentralized crypto exchange with roughly $1 billion in daily trades, has had its NPM account hacked in a software supply chain attack that was likely aimed at gaining access to the company’s production systems. The company, founded by ex-Coinbase and Uber engineer Antonio Juliano, dYdX has raised a total of $87 million in funding over 4 rounds and is backed by some powerhouse investors, including Paradigm, a16z, and Polychain.

Here is what we know: 

On 23 September 2022, several new versions of packages owned by dydX were published to NPM. NPM is the world’s largest software repository, with more than 800,000 code packages. Beginning at 12:37 CET, the attacker published new releases to the following packages :

Mend’s Supply Chain Defender automatically detected each malicious package within 30 minutes of the initial releases. Once the packages were flagged, the Mend research team first confirmed that the issue was indeed a supply chain attack. We also tried reaching out to the dydX platform before opening the public report. Due to the severity of the attack and the popularity of those packages, we have decided to open the issue in the appropriate GitHub repository (https://github.com/dydxprotocol/solo/issues/521).

 Figure 1 – Versions history of @dydxprotocol/perpetual

Note: The release of @dydxprotocol/node-service-base-dev was taken down right after it was published. Therefore, it does not have an advisory.

Given the nature of dYdX’s business, we decided to act quickly to reduce potential widespread financial impact. Overall, those three compromised packages have more than 120,000 downloads:

How was the malicious actor able to ship the code to NPM?

Although we cannot fully confirm, it seems they were able to use a stolen NPM account acquired in a different attack, or by performing an account takeover.

Would any malicious release be spotted if you checked the code from the main branch on Github? Unfortunately, no. To avoid suspicion, it seems that the attacker did not obtain or did not use the Github access. Instead, they tried to publish to npm in the most unobtrusive way possible, by updating only the minor versions for each package. Since minors usually do not contain breaking changes, not many are interested in reviewing them. 

Mens rea

While it’s impossible to say for sure, we can presume that the attack was related to what dydX does: cryptocurrencies. Based on the vector attack, we can conclude that the actor was interested in obtaining access to their production systems or other systems that would use it. Did they succeed? We do not know. At the moment of publication, we have not received any comment from dYdX. 

Additionally, we have contacted npm, Github, and Tucows Domains, to lessen the scope of the attack.

Continuous Divert

All of the malicious package versions contain a preinstall hook that looks as if it was about to download a CircleCI script. This is brandjacking in its purest from – the domain looks as if it belongs to CircleCI.

Figure 3 – Defender Diff of the malicious version
(link: https://my.diffend.io/npm/@dydxprotocol/solo/0.41.0/0.41.1)

Our scanners alarmed about the malicious code the script contains:

The first JS script downloads a setup.py file, and then executes its content:

Upon successful execution, the script uploads:

  • hostname, 
  • username, 
  • client’s working directory, 
  • IP address,
  • SSH keys,
  • AWS credentials,
  • IAM roles,
  • ENV variables,

to the attacker’s server. All sensitive data is saved in txt files before the upload.

After the upload, the attacker blurs the traces and removes intermediary files.

How to protect against similar attacks?

Sometimes, doing a manual review of installed packages is not enough – the preinstall hook used by the attacker is deceiving. Automated supply chain security solutions such as Mend Supply Chain Defender inform you when you import a malicious package that contains malicious code.

Learn more about Supply Chain Defender

Manage open source risk

Recent resources

More than 100K sites impacted by Polyfill supply chain attack

The new Chinese owner tampers with the code of cdn.polyfill.io to inject malware targeting mobile devices.

Read more

Over 100 Malicious Packages Target Popular ML PyPi Libraries

Discover the latest security threat as over 100 malicious packages target popular ML PyPi libraries. Learn about the attack methods.

Read more

What New Security Threats Arise from The Boom in AI and LLMs?

Explore the security threats arising from the boom in AI and LLMs, including data privacy, misinformation, and resource exhaustion.

Read more