Social-media impersonation scam spike
dYdX v4 (dYdX Chain)'s assessment for RD-F-109 — scored yellow on the v1.7.0 rubric. The evidence below is the curator's reasoning for this score.
Evidence summary
The Feb 2026 supply-chain attack demonstrates active adversarial investment in dYdX brand impersonation. The typosquatted domain dydx.priceoracle.site (registered Jan 9, 2026) mimicked dYdX oracle infrastructure branding. Prior incidents: Aug 2022 npm compromise, Jul 2024 DNS hijacking (two separate events). The pattern of coordinated brand-impersonation attacks targeting dYdX's distribution channels is persistent. No spike in Discord/Telegram/X impersonation account volumes is currently confirmed beyond the scope of the Jan 2026 package attack. Yellow: a pattern of adversarial brand abuse is documented and ongoing.
Sources
- Malicious dYdX Packages Published to npm and PyPI. Socket.dev analysis — dydx.priceoracle.site typosquat domain, Jan 9, 2026 registration. Retrieved 2026-05-17.
- Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware. TheHackerNews — dYdX npm and PyPI supply chain attack. Retrieved 2026-05-17.
Methodology
Detect a sharp uptick in Discord/Telegram/X accounts impersonating the protocol team or announcing fake airdrops.