Researchers have revealed that bad actors are targeting dYdX and using malicious packages to empty its user wallets.