Malicious code was detected earlier today by the cybersecurity researcher Maciej Mensfeld. This one could have compromised several dozen crypto services and platforms, including DyDx, one of the giants of the Decentralized Finance sector. DyDx quickly let it be known that patches had been applied, however the threat seems serious and calls for the greatest vigilance.
Cyber alert on the crypto ecosystem
Earlier in the day, the IT security specialist Maciej Mensfeld from the cybersecurity company mendreported that his investigations led him to discover an npm set Multiple npm packages) potentially infected with malicious code.
Initially made available in open source by the CEX (decentralized exchange) DyDx, this code exposed on GitHub by Mensfeld would contain enough to divert sensitive user information from the platforms where it would be deployed.
The ” npm solo package“, contains an Ethereum library of Smart Contracts and TypeScript. It appears to have originally been made available by a DyDx employee. However, at the heart of this package hides malicious code whose purpose is to extract confidential information about users in order to send them to a foreign IP address.
If the details have not yet been communicated, this package could have been deployed on more than 40 other crypto platforms.
The DyDx team has let it be known 2 hours after the alert that a fix had been made. The platform stressed that user funds were not compromised, nor were smart contracts on the decentralized exchange.
Will you support the Bitcoin revolution? It’s up to you to get on the crypto train! To do this, and begin to familiarize yourself with this exciting world, do not wait for you create an account on Binancethe reference Bitcoin and crypto exchange (commercial link).