Malicious code embedded in open-source packages on the npm and PyPI repositories led to the theft of cryptocurrency wallet credentials from dYdX developers and backend systems, according to a report released Friday by security firm Socket. The compromised packages, including versions of dydxprotocolv4-client-js, put all applications using them at risk, potentially leading to irreversible cryptocurrency theft.
The attack targeted dYdX, a cryptocurrency exchange, by infecting open-source packages with malicious code. The compromised releases included versions 3.4.1 and 1.22.1 of the npm package dydxprotocolv4-client-js. Researchers found that the code stole wallet credentials and, in some cases, backdoored devices. The impact of the attack included complete wallet compromise and irreversible cryptocurrency theft, affecting both developers testing with real credentials and production end-users.
In other news, Bitcoin experienced a significant price drop this week, with the cryptocurrency falling nearly $15,000 in 24 hours. While Bitcoin has since recovered some of its losses, trading around $70,000 as of Friday, the event left many crypto insiders questioning the cause. One theory, put forth by Parker White, a former equities trader and current COO at DeFi Development Corporation, suggests that the crash may be linked to high-leverage Bitcoin bets placed by Hong Kong traders that went wrong.
Meanwhile, in a separate development, Anthropic's newest AI model, Claude Opus 4.6, has demonstrated an ability to identify security vulnerabilities in software. According to a report from the company's Frontier Red Team, the model identified over 500 previously unknown zero-day vulnerabilities across open-source software libraries. The model was not explicitly instructed to search for these flaws, but rather detected and flagged them on its own.
In other news, a suicide bombing at a Shiite mosque on the outskirts of Islamabad, Pakistan, resulted in the deaths of at least 31 people and injured at least 169 others. The attack occurred during Friday prayers, according to officials, and represents a rare bombing in Pakistan's capital. Television footage and social media images showed police and residents transporting the wounded to nearby hospitals.
Finally, the Centers for Disease Control and Prevention (CDC) has reduced the number of health alerts it is issuing, leaving doctors feeling like they are "flying blind," according to NPR News. The CDC has not issued a health alert related to the measles outbreak in Spartanburg, S.C.