dYdX Adds Tether Gold Trading

The $100K trading competition on bonk.trade, powered by dYdX, continues to intensify as participants compete for prizes. The leaderboard shows active trading as the competition progresses. **Key Details:** - Competition hosted on [bonk.trade](http://bonk.trade) - $100,000 prize pool - Powered by dYdX infrastructure - Leaderboard actively updating Traders can monitor their rankings and competition standings as the event unfolds.

dYdX has activated liquidation rebate claims for the first half of January, targeting traders who participated in **Surge Season 10**. **Key Details:** - Traders who were active during Surge Season 10 may qualify for rebates - Claims are now available for the first half of January 2026 - Eligible users can check their status and claim at [dydx.xyz/liquidation-rebates](https://dydx.xyz/liquidation-rebates) This follows a similar program for Surge Season 9, which offered up to $1M in liquidation rebates to participants. *Check your eligibility and claim any available rebates through the official portal.*

**Malicious versions** of dydx-v4-clients were uploaded to PyPI (version 1.1.5.post1) and NPM (versions 3.4.1, 1.22.1, 1.15.2, 1.0.31). **If you're using these versions, your funds are at risk.** The official versions hosted on the dydxprotocol GitHub repository are **safe and do not contain malware**. - Check your dependencies immediately - Update to verified versions from official sources - Review recent transactions if you used affected versions

**Critical Remote Code Execution (RCE) Vulnerability Detected** A full remote code execution exploit has been identified, requiring immediate action from affected users. **Immediate Steps Required:** - **Isolate** the affected machine immediately - **Stop** all trading and wallet operations on the compromised device - **Transfer** funds to new wallets using a clean, unaffected machine - **Rotate** all API keys and credentials that were accessible from the compromised system - **Contact** your security team for forensic analysis **Severity:** Assume complete system compromise, including all stored keys, credentials, and secrets. The full capabilities of the payload remain unknown. **Stay Protected:** Use hardware wallets, keep systems updated, enable 2FA, and remain vigilant against phishing attempts.

**Critical Security Alert for dYdX Users** Malicious versions of dydx-v4-clients have been uploaded to package repositories, putting user funds at immediate risk. **Affected Versions:** - PyPI: version 1.1.5.post1 - NPM: versions 3.4.1, 1.22.1, 1.15.2, 1.0.31 If you are currently using any of these compromised versions, your funds are at risk and require immediate action. **What You Should Do:** - Check your installed dydx-v4-client version immediately - Update to a verified safe version if affected - Review your account for any unauthorized activity This supply chain attack targets developers and users through compromised package managers, a growing threat in the web3 ecosystem.