A whole host of crypto npm packages have been compromised

Audio & Video

@dydxprotocol/perpetual – versions 1.

2.

2, 1.

2.

3Allegedly, the package ‘@dydxprotocol/node-service-base-dev’ was also compromised, but that one has since been pulled from the platform.  The packages are described as ‘Ethereum Smart Contracts and TypeScript library used for the dYdX Solo Trading Protocol. ‘ The solo package, the publication found, is used by at least 44 GitHub repositories, being built by “multiple crypto platforms.

Read more