Researchers report that hackers compromise the Injective Labs SDK project and use that access to publish a malicious package on npm. According to multiple reports, the attackers first breach the project’s GitHub repository, then publish a tainted dependency under the Injective ecosystem. The malicious code is described as a wallet stealer that attempts to capture sensitive credentials from users’ environments, including cryptocurrency wallet private keys and mnemonic seed phrases. Separate coverage also characterizes the activity as an attempt to backdoor the Injective-related npm package to obtain wallet information during normal wallet workflows. The affected packages and the scope of impact are tied to developers and applications that integrate Injective wallet functionality through the SDK. The reports emphasize that developers who maintain Node.js dependencies for Injective-related tooling should review their installed versions, check for the presence of the malicious package, and rotate any exposed credentials if compromise is confirmed. The incidents highlight how supply-chain breaches of widely used developer libraries can be used to target downstream wallets and applications that handle private key material.
Malicious npm package targeting Injective SDK attempts to steal cryptocurrency wallet keys
Researchers report that hackers compromise the Injective Labs SDK project and use that access to publish a malicious package on npm. According to multiple reports, the attackers first breach the proje...
- Hackers publish a malicious package related to the Injective SDK on npm.
- Reports say the attackers compromise the Injective Labs SDK GitHub repository before publishing the package.
- The malicious package is designed to steal cryptocurrency wallet private keys and mnemonic seed phrases.
- The incident affects developers and applications that use Injective wallet workflows through the Node.js ecosystem.
- The activity is also described as a backdoor attempt in Injective’s npm package supply chain.
The incident is significant for developers and applications that handle Injective wallet workflows, Socket researchers said.
3 hours agoHackers compromised the Injective Labs SDK project's GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases. [...]
10 hours ago
KRX activates circuit breaker and sidecars as KOSPI swings sharply
Korea Exchange (KRX) measures triggered during sharp KOSPI moves are drawing attention to volatility in Korea’s stock ma...
Dr Reddy’s delays semaglutide supplies after API quality issue
Dr Reddy’s is delaying semaglutide supplies after identifying an issue with the active pharmaceutical ingredient (API) q...
AIS updates planned to flag foreign income and overseas assets for taxpayers
India’s tax administration is expanding the scope of the Annual Information Statement (AIS), with planned changes aimed...