An attacker appears to have installed a token-draining program on the official domain for dYdX version 3.0.