Malicious code embedded in open-source packages on the npm and PyPI repositories led to the theft of wallet credentials from dYdX cryptocurrency exchange developers and users, according to researchers. The compromised packages, including versions of dydxprotocolv4-client-js, put all applications using them at risk of complete wallet compromise and irreversible cryptocurrency theft, security firm Socket reported on Friday.
The attack targeted developers and end-users alike, with the malicious code potentially backdooring devices. The compromised versions of dydxprotocolv4-client-js were 3.4.1 and 1.22.1. The discovery highlights the ongoing risks associated with open-source software and the potential for supply chain attacks.
In other news, the cryptocurrency market experienced significant volatility this week. Bitcoin's price plummeted, losing nearly $15,000 in a single day, a downturn reminiscent of the 2022 collapse of Sam Bankman-Fried's crypto empire, according to Fortune. Although Bitcoin has since recovered some of its losses, trading around $70,000 on Friday, the sudden drop left many industry insiders questioning the cause. One theory, put forth by Parker White, former equities trader and current COO at DeFi Development Corporation, suggests the crash was triggered by high-leverage Bitcoin bets placed by Hong Kong traders that went wrong.
Meanwhile, in the realm of cybersecurity, Anthropic's newest AI model, Claude Opus 4.6, demonstrated an ability to identify software vulnerabilities. During testing, the model discovered over 500 previously unknown zero-day vulnerabilities in open-source software libraries, according to a report from the company's Frontier Red Team, as reported by Fortune. Notably, the model was not explicitly instructed to search for these flaws, but rather detected and flagged them independently.
In other news, a suicide bombing at a Shiite mosque on the outskirts of Islamabad, Pakistan, resulted in the deaths of at least 31 people and injured at least 169 others, according to NPR. The attack, which occurred during Friday prayers, is considered a rare bombing in the capital as the government struggles to contain a surge in militant attacks across the country.
Finally, NPR reported that a drop in health alerts from the Centers for Disease Control and Prevention (CDC) is leaving doctors "flying blind."