English
中文
日本語
한국어
русский
Türkçe
Français
Português
Español

NPM Package Post Mortem

Product
Product
NPM Post Mortem
Product
Product

On September 23rd, 2022 at 6:14AM EST, we identified malicious versions published to a number of dYdX NPM packages that were quickly removed.

After our initial investigation, we stated the following:

1.  All funds were SAFE

2. Our websites/apps were NOT compromised

3. The attack did NOT impact smart contracts

We have worked with an external forensics firm and confirmed our initial findings, and the post mortem is that (i) all funds are safe, (ii) our website/apps were not compromised, and (iii) the attack did not impact smart contracts.  dYdX does not custody user funds, which are deposited directly by users to a smart contract on the blockchain.

To learn more about our plans and for the most recent updates regarding dYdX, join us on Discord and Twitter.


About dYdX

dYdX is the developer of a leading decentralized exchange on a mission to build open, secure, and powerful financial products. dYdX runs on audited smart contracts on Ethereum, which eliminates the need to trust a central exchange while trading. We combine the security and transparency of a decentralized exchange, with the speed and usability of a centralized exchange.