Cybersecurity researchers have discovered a new supply chain attack in which malicious versions of legitimate packages on npm and the Python Package Index (PyPI) were pushed to enable remote code execution and wallet credential theft. The compromised versions of the two packages are:

- dydx-v4-client (PyPI): 1.1.5post1
- @dydxprotocol/v4-client-js (npm): 3.4.1, 1.22.1, 1.15.2, 1.0.31

"The dydx-v4-client (PyPI) and @dydxprotocol/v4-client-js (npm) packages give developers tools to interact with the dYdX v4 protocol, including transaction signing, order placement, and wallet management," said Socket security researcher Kush Pandya.

"These packages are used by applications to manage delicate cryptocurrency operations."

dYdX is a decentralized, non-custodial cryptocurrency exchange that lets users retain complete control over their assets while trading margin and perpetual swaps.
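A first thing a practitioner wants after reading a list like the one above is a way to check their own lockfiles against it. The script below is an added example (it is not Socket's tooling and not code from the dYdX project): it scans an npm `package-lock.json` (v2/v3 format, which keys installed packages by path under `packages`) and a pip `requirements.txt` for the compromised versions named in this article. The lockfile and requirements content are constructed sample inputs; the PEP 440 handling is deliberately limited to the post-release spelling, which is all this advisory needs.

```javascript
// Known-bad versions exactly as listed in the article.
const COMPROMISED = {
  npm: { "@dydxprotocol/v4-client-js": ["3.4.1", "1.22.1", "1.15.2", "1.0.31"] },
  pypi: { "dydx-v4-client": ["1.1.5post1"] },
};

// package-lock.json v2/v3: "packages" maps install paths to { version, ... }.
// Nested installs look like "node_modules/a/node_modules/@scope/b", so the
// package name is whatever follows the last "node_modules/". (v1 lockfiles
// use a recursive "dependencies" tree instead and are not handled here.)
function scanNpmLock(lockJson, bad = COMPROMISED.npm) {
  const hits = [];
  const lock = JSON.parse(lockJson);
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project's own entry
    const marker = "node_modules/";
    const name = path.slice(path.lastIndexOf(marker) + marker.length);
    const versions = bad[name];
    if (versions && versions.includes(entry.version)) {
      hits.push({ ecosystem: "npm", name, version: entry.version, path });
    }
  }
  return hits;
}

// PEP 503 name normalization: case-insensitive, runs of [-_.] collapse to "-".
function normalizePypiName(name) {
  return name.toLowerCase().replace(/[-_.]+/g, "-");
}

// Partial PEP 440 normalization: "1.1.5post1", "1.1.5-post1", "1.1.5.post1"
// and the "rev"/"r" aliases all denote the same post-release, "1.1.5.post1".
function normalizePypiVersion(version) {
  return version.toLowerCase().replace(/[-_.]?(post|rev|r)(\d)/, ".post$2");
}

// Only exact "==" pins can be matched against a known-bad list; ranges are skipped.
function scanRequirements(text, bad = COMPROMISED.pypi) {
  const badNorm = {};
  for (const [name, versions] of Object.entries(bad)) {
    badNorm[normalizePypiName(name)] = versions.map(normalizePypiVersion);
  }
  const hits = [];
  for (const raw of text.split("\n")) {
    const line = raw.replace(/#.*/, "").trim(); // drop comments and blank lines
    if (!line) continue;
    const m = line.match(/^([A-Za-z0-9][A-Za-z0-9._-]*)(?:\[[^\]]*\])?[ \t]*==[ \t]*([A-Za-z0-9.!+_-]+)/);
    if (!m) continue;
    const name = normalizePypiName(m[1]);
    const version = normalizePypiVersion(m[2]);
    if (badNorm[name] && badNorm[name].includes(version)) {
      hits.push({ ecosystem: "pypi", name, version });
    }
  }
  return hits;
}

// Constructed sample inputs (not real project files).
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "trading-bot", version: "0.1.0" },
    "node_modules/@dydxprotocol/v4-client-js": { version: "1.22.1" },
    "node_modules/left-pad": { version: "1.3.0" },
    "node_modules/some-lib/node_modules/@dydxprotocol/v4-client-js": { version: "1.21.0" },
  },
});

const SAMPLE_REQUIREMENTS = `
# constructed sample requirements.txt
requests==2.31.0
DyDx_v4_client==1.1.5.post1   # same release as 1.1.5post1 once normalized
`;

function auditAll() {
  return [...scanNpmLock(SAMPLE_LOCK), ...scanRequirements(SAMPLE_REQUIREMENTS)];
}

console.log(JSON.stringify(auditAll(), null, 2));
```

The name normalization matters in practice: a requirements file that spells the package `DyDx_v4_client` still installs `dydx-v4-client`, and a grep for the literal string `dydx-v4-client==1.1.5post1` would miss both that spelling and the `.post1` form.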

The DeFi exchange claims on its website that its total trading volume has surpassed $1.5 trillion. The rogue versions were published with valid publishing credentials, which is why the developer accounts are believed to have been compromised; exactly how the tainted updates were pushed has not been established. The PyPI version adds persistent system access, while the npm version concentrates on credential theft.

### Supply Chain Risks with Non-Existent Packages

The disclosure follows Aikido's analysis of how npm packages that are referenced in README files and scripts but never published present an attractive supply chain attack vector: a threat actor can publish packages under those names to distribute malware to anyone who follows the documented install or `npx` command.

The discovery is the latest example of increasingly sophisticated software supply chain threats, in which attackers compromise many users at once by exploiting the trust placed in open-source repositories. Omer Kidron of Sygnia stated, "The software supply chain offers a deep, low-noise initial access path into downstream environments, which is why sophisticated attackers are moving upstream into it."

"The same approach is applicable to all organizations, regardless of whether they consider themselves to be the primary targets, as it supports both opportunistic attacks at scale ('spray') through widely trusted ecosystems and precision compromise (a specific vendor, maintainer, or build identity)."

According to Aikido's analysis, the 128 phantom packages were downloaded 121,539 times between July 2025 and January 2026, an average of 3,903 downloads per week, with a peak of 4,236 downloads last month. The most downloaded of them are:

- openapi-generator-cli (48,356 downloads), which imitates @openapitools/openapi-generator-cli
- cucumber-js (32,110 downloads)
- dependency-cruiser
- jsdoc2md (4,641 downloads)
- grpc_tools_node_protoc (4,518 downloads)
- vue-demi-switch (1,166 downloads)

"Openapi-generator-cli saw 3,994 downloads in just the last seven days," said security researcher Charlie Eriksen.
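The phantom-package problem described above is easy to check for in your own repositories: every name that a README or `package.json` script tells a user to fetch by name (`npx foo`, `npm install -g foo`, `yarn dlx foo`) is a name that will be resolved from the public registry on a clean machine, and if nobody has published it, anyone can. The script below is an added example, not Aikido's tooling and not from any project named in the article. It extracts such names, then classifies each as phantom (not in the registry, so squattable) or undeclared (published but not a declared dependency, so resolved at run time rather than from the lockfile). The README, `package.json` and registry lookup are all constructed stand-ins; a real `registryHas` would query `https://registry.npmjs.org/<name>`.

```javascript
// Commands whose next non-flag token is a package name resolved from the
// registry. Spaces/tabs only (not \s), so "npm install" at end of a line does
// not swallow the first word of the next line.
const FETCH_CMD =
  /\b(?:npx|npm[ \t]+(?:install|i|add|exec|x)|yarn[ \t]+(?:add|dlx)|pnpm[ \t]+(?:add|dlx))[ \t]+(?:-{1,2}[\w-]+[ \t]+)*((?:@[\w.-]+\/)?[\w.-]+)/g;

// Collect every package name referenced by a fetch command in the given texts.
// A trailing version ("@scope/tool@1.2.3") is not part of the name.
function referencedNames(...texts) {
  const names = new Set();
  for (const text of texts) {
    for (const m of text.matchAll(FETCH_CMD)) {
      const name = m[1];
      if (name === "." || name.startsWith("./")) continue; // local path, not a registry name
      names.add(name);
    }
  }
  return names;
}

// registryHas(name) -> boolean is injected so the check can run offline here.
function findPhantomPackages({ pkgJson, readme, registryHas }) {
  const pkg = JSON.parse(pkgJson);
  const scripts = Object.values(pkg.scripts || {}).join("\n");
  const declared = new Set([
    ...Object.keys(pkg.dependencies || {}),
    ...Object.keys(pkg.devDependencies || {}),
  ]);
  const report = { phantom: [], undeclared: [] };
  for (const name of referencedNames(readme, scripts)) {
    if (!registryHas(name)) {
      report.phantom.push(name); // nobody owns this name: an attacker can publish it
    } else if (!declared.has(name)) {
      report.undeclared.push(name); // real package, but fetched fresh instead of pinned
    }
  }
  return report;
}

// Constructed sample project. The README calls the generator by its bin name,
// which is not the package name that actually ships that bin.
const SAMPLE_README = `
## Setup
npm install
npx openapi-generator-cli generate -i openapi.yaml -g typescript-fetch
npm install -g cucumber-js
npx @openapitools/openapi-generator-cli version
npm install -g typescript
`;

const SAMPLE_PKG = JSON.stringify({
  name: "demo",
  devDependencies: { "@openapitools/openapi-generator-cli": "*", "@cucumber/cucumber": "*" },
  scripts: { test: "cucumber-js", gen: "npx openapi-generator-cli generate" },
});

// Constructed stand-in for the registry: only these names are "published".
const PUBLISHED = new Set(["@openapitools/openapi-generator-cli", "@cucumber/cucumber", "typescript"]);
const registryHas = (name) => PUBLISHED.has(name);

function runPhantomCheck() {
  return findPhantomPackages({ pkgJson: SAMPLE_PKG, readme: SAMPLE_README, registryHas });
}

console.log(JSON.stringify(runPhantomCheck(), null, 2));
```

Note the mismatch the sample is built around: inside the project, `npm run gen` resolves `openapi-generator-cli` from `node_modules/.bin`, which the declared scoped dependency provides, so it works. A new contributor copying `npx openapi-generator-cli` from the README onto a clean machine asks the registry for an unscoped package of that name instead, which is exactly the gap the phantom-package numbers above measure.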