"DeFi Exchange dYdX npm User Account Gets Hacked"

Several npm packages used by the popular Decentralized Finance (DeFi) exchange dYdX appear to have been hacked, as they were discovered containing illegal code that would launch information stealers when installed on a system. Maciej Mensfeld, the creator of Diffend.io and a security researcher at the Mend software supply chain security firm, reported finding numerous corrupted npm packages that were secretly installing information stealers. The attacker appears to have gained control of a dYdX employee's npm account and used it to upload updated versions of credible packages. They have a predefined set of operations on the victim's computer that they want to perform before opening a channel for arbitrary code execution, stealing their environment variables and login information for multiple services. This article continues to discuss the compromise of npm packages used by DeFi exchange dYdX. 

The Crypto Times reports "DeFi Exchange dYdX NPM User Account Gets Hacked"