New Phishing Scheme Targets Crypto Futures On MEXC Exchange

April 15, 2025

The JFrog Security Research team has warned about a malicious package targeting crypto futures trading on the MEXC exchange, seeking to steal funds and leak trading credentials.

The team published a report on April 15 detailing the “ccxt-mexc-futures” package, which uses the legitimate Cryptocurrency Exchange Trading (CCXT) library to redirect user trading requests to a malicious server.

NEW SECURITY RESEARCH ALERT: The JFrog #Security Team found a phishing scheme in the Python Package Index (PyPI) targeting crypto futures trading, which reached $1.67B in Q1 2025. A malicious package redirects users to a fake MEXC site (https://t.co/H4IJLdEb5o), promoted on… pic.twitter.com/UUYaLKSZbW

— JFrog (@jfrog) April 15, 2025

The malicious party sets up a domain that is very similar to the legitimate one, so a user can mistake the fake MEXC domain for the real one.

Once a victim falls into the trap, the attackers can hijack all crypto and sensitive information that the trading request contains.

Attackers can therefore also steal Application Programming Interface (API) keys and secrets, which in turn compromises crypto trading accounts.

Per the researchers, “the use of obfuscation techniques and a fake MEXC website further demonstrates the sophistication of this phishing campaign.” The fake website is even promoted on Facebook.

Source: JFrog

In more detail, JFrog explains that the ccxt-mexc-futures package claims to extend the crypto trading capabilities of the CryptoCurrency eXchange Trading (ccxt) PyPI package.

This is a legitimate and popular crypto trading Python package that supports trading on many exchanges, including MEXC.

The attackers claim that the malicious package extends the legitimate CCXT package to support “futures” trading on MEXC.

In reality, to accomplish its goals, the malicious package overrides three relevant functions: describe, sign, and prepare_request_headers.


Adding, Rewriting, Redirecting, Stealing Crypto Futures

The report goes on to explain that the MEXC interface in CCXT defines a wide set of APIs to support different types of trading. The attackers targeted two of these APIs: contract_private_post_order_submit and contract_private_post_order_cancel.

Once the malicious ccxt-mexc-futures package overrides these two APIs, it adds a third one, spot4_private_post_order_place.

As a result, when users create, place, or cancel trading orders, they do so through these APIs, which pose as the legitimate APIs of the CCXT library.

“Every time a user utilizes these entries, instead of using the CCXT-defined entries, they will use the attacker’s entries, specifying futures trading in the request,” the researchers say.

Source: JFrog

Notably, the attackers went even further. The package changes a “BadRequest” response into an “OrderFilled” response, so that users think the order went through.

Also, because the malicious package overrides the sign function, if a user tries to communicate with MEXC using the package, the requests go to the fake domain.

This also means that the user token in the request header is sent to the attackers.

If the user token is not supplied, the package will ask the user to add it before making an order.

“If it is not a future-related entry, the package directs the flow to the original MEXC exchange implementation of the CCXT package,” the report notes.
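A defender can check an installed exchange class for this override pattern before trusting it with credentials. The following is an added example, not code from the JFrog report or from the CCXT project: the two classes are constructed stand-ins, the lookalike host is a placeholder, and mexc.com as the allowlisted domain is an assumption.

```python
from urllib.parse import urlparse

# Methods the report says the malicious package overrides.
WATCHED = ("describe", "sign", "prepare_request_headers")
ALLOWED_DOMAIN = "mexc.com"  # assumption: the exchange's genuine registrable domain

def iter_urls(node):
    """Yield every string in a nested dict/list of endpoint URLs."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, dict):
        for value in node.values():
            yield from iter_urls(value)
    elif isinstance(node, (list, tuple)):
        for value in node:
            yield from iter_urls(value)

def audit(cls, trusted_base):
    """Report watched methods redefined below trusted_base and API hosts off the allowlist."""
    overridden = sorted(n for n in WATCHED
                        if getattr(cls, n, None) is not getattr(trusted_base, n, None))
    api_urls = cls().describe().get("urls", {}).get("api", {})
    hosts = {urlparse(u).hostname for u in iter_urls(api_urls)} - {None}
    unexpected = sorted(h for h in hosts
                        if h != ALLOWED_DOMAIN and not h.endswith("." + ALLOWED_DOMAIN))
    return {"overridden": overridden, "unexpected_hosts": unexpected}

class TrustedMexc:  # constructed stand-in for the library's exchange class
    def describe(self):
        return {"urls": {"api": {
            "spot": {"public": "https://api.mexc.com/api/v3"},
            "contract": {"private": "https://contract.mexc.com/api/v1"}}}}
    def sign(self, path):
        return path
    def prepare_request_headers(self, headers=None):
        return headers or {}

class SuspectFutures(TrustedMexc):  # constructed: reproduces only the override pattern
    def describe(self):
        config = super().describe()
        config["urls"]["api"]["contract"]["private"] = "https://contract.mexc-lookalike.example/api/v1"
        return config
    def sign(self, path):
        return path

if __name__ == "__main__":
    print(audit(TrustedMexc, TrustedMexc))
    print(audit(SuspectFutures, TrustedMexc))
```

Importing and instantiating an unvetted package executes its code, so run a check like this in a throwaway environment that holds no API keys.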

Meanwhile, the researchers discovered two versions of the malicious package. They use different methods to hide and run arbitrary code on the computer of the victim who installed the package.

However, both methods are “very common ways for attackers to hide and run malicious payloads.”

As a response to this threat, JFrog says it has added the malicious Python packages to JFrog Xray to enable users to detect them immediately.


The post New Phishing Scheme Targets Crypto Futures On MEXC Exchange appeared first on Cryptonews.
