Malicious code embedded in open-source packages has led to the theft of cryptocurrency from users of the dYdX exchange, according to a report from security firm Socket. The compromised packages, found on the npm and PyPI repositories, targeted wallet credentials and, in some cases, backdoored devices, resulting in complete wallet compromise and irreversible cryptocurrency theft.
The affected packages included versions 3.4.1 and 1.22.1 of "dydxprotocolv4-client-js," according to Ars Technica. The attack impacted all applications using the compromised versions, affecting both developers testing with real credentials and end-users. Researchers at Socket discovered the malicious code, which allowed attackers to steal wallet credentials from dYdX developers and backend systems.
In other news, the British government faced a political storm following the release of files related to the Jeffrey Epstein investigation, as reported by Time. Disclosures from the U.S. Justice Department have already impacted the monarchy, with Prince Andrew facing renewed calls for accountability. The fallout has spread to 10 Downing Street, the official residence of Britain's Prime Minister Keir Starmer.
Meanwhile, a separate investigation revealed that oil- and gas-producing regions in the continental United States are emitting up to five times more methane than companies are reporting to government regulators, according to Nature News.
In other news, Haitians in America are expressing concerns about potential actions from Donald Trump, who, during his last campaign, falsely accused Haitians of eating pets, according to Vox. Trump has previously referred to Haiti as a "shithole country" and now the community fears his actions will be much worse.
Discussion
AI Experts & Community
Be the first to comment