Injective SDK on npm infected with cryptocurrency wallet stealer
10 Articles
10 Articles
Injective SDK on npm infected with cryptocurrency wallet stealer
Hackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. [...]
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
Injective npm Package Hit by Backdoor Attack Targeting Crypto Wallet Keys
Security researchers caught hackers trying to plant a backdoor inside the Injective npm package — a widely used tool in… Read the original on Injective npm Package Hit by Backdoor Attack Targeting Crypto Wallet Keys. For more crypto news and analysis, visit TheCurrencyAnalytics.com.
Injective npm Package Backdoor Targeted Wallet Keys Before Clean Release
Hackers pushed a malicious version of Injective’s TypeScript SDK to npm in a supply-chain attack designed to steal wallet recovery phrases and private keys from developer environments. The compromised release, @injectivelabs/sdk-ts@1.20.21, added code that captured mnemonics and raw private keys when applications created or loaded wallets. The payload was disguised as a telemetry helper and sent stolen secrets to an attacker-controlled endpoint …
The malware in the npm again exposed the risks of attacks on the software supply chain. This time, the target was the official @injectivelabs/sdk-ts package, used by developers to integrate applications into the blockchain Injective. The incident caught the attention of the security community because the malicious code was distributed through a legitimate and widely used package in the Web3 ecosystem, transforming a reliable library into a tool …
Coverage Details
Bias Distribution
- 100% of the sources are Center
Factuality
To view factuality data please Upgrade to Premium








