Close Menu

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Injective SDK on npm infected with cryptocurrency wallet stealer

    July 9, 2026

    OpenMandriva Linux says contributor tried to sabotage the project

    July 9, 2026

    What About the Role of AI? Updated Guidance on Secure by Design

    July 9, 2026
    Facebook X (Twitter) Instagram
    • Demos
    • Technology
    • Gaming
    • Buy Now
    Facebook X (Twitter) Instagram Pinterest Vimeo
    Canadian Cyber WatchCanadian Cyber Watch
    • Home
    • News
    • Alerts
    • Tips
    • Tools
    • Industry
    • Incidents
    • Events
    • Education
    Subscribe
    Canadian Cyber WatchCanadian Cyber Watch
    Home»News»Injective SDK on npm infected with cryptocurrency wallet stealer
    News

    Injective SDK on npm infected with cryptocurrency wallet stealer

    adminBy adminJuly 9, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Injective SDK on npm infected with cryptocurrency wallet stealer

    Hackers compromised the Injective Labs SDK project’s GitHub repository and used it to publish a malicious package on the Node Package Manager (npm) that stole cryptocurrency wallet private keys and mnemonic seed phrases.

    Application security companies Socket, Ox Security, and StepSecurity detected the supply-chain attack via version 1.20.21 of the @injectivelabs/sdk-ts npm package.

    Injective SDK is a TypeScript/JavaScript software development kit (SDK) for building applications on the Injective blockchain, a Layer-1 blockchain focused on decentralized finance (DeFi), tokenized assets, and decentralized exchanges.

    image

    The package has 50,000 weekly downloads on npm and is used by developers building cryptocurrency wallets, trading bots, decentralized exchanges, DeFi applications, and payment tools.

    According to the researchers, the attacker compromised a GitHub account belonging to a legitimate project contributor and made the first suspicious commits on June 8, publishing the malicious version of the package shortly afterward.

    The attacker also published version 1.20.21 for another 17 packages associated with the project, pinning all of them to the compromised SDK version.

    The legitimate account owner detected the compromise within minutes, reverted the changes, and published a clean release, version 1.20.23.

    However, developer systems fetching the malicious packages via an update or used them were likely compromised.

    Socket says the malicious version of the package was downloaded 310 times before it was deprecated, not removed, and the malicious GitHub release artifacts are still available.

    The researchers also note that the package has 87 direct dependencies on npm and very likely multiple additional transitive dependencies.

    A report from Ox Security warns that the 87 dependent packages had a cumulative download count of a little over 112,000.

    Targeting cryptocurrency wallets

    The malware activates when the developers use SDK functions that generate or import wallet keys, rather than upon installation.

    Once those functions are called, the malware captures the full mnemonic seed phrase and private key and encodes the data in base64. All the information is exfiltrated via an HTTP POST request to an Injective Labs public infrastructure endpoint to make the traffic appear legitimate.

    StepSecurity reports that the malware did not immediately transmit stolen secrets, but instead queued multiple keys and mnemonics for two seconds, bundled them in the HTTP request header, and sent them.

    The attackers may then use the mnemonic or private key to port the victim’s wallets to their own devices and access, use, or transfer their digital assets.

    Developers who suspect compromise should transfer their cryptocurrency to new wallets and rotate all secrets in their environment.


    article image

    Security teams log 54% of successful attacks and alert on just 14%. The rest move through your environment unseen.

    The Picus whitepaper shows how breach and attack simulation tests your SIEM and EDR rules so threats stop slipping by detection.

    Get the whitepaper



    Source link

    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleOpenMandriva Linux says contributor tried to sabotage the project
    admin
    • Website

    Related Posts

    News

    OpenMandriva Linux says contributor tried to sabotage the project

    July 9, 2026
    News

    What About the Role of AI? Updated Guidance on Secure by Design

    July 9, 2026
    News

    Patreon Blocks Crawlers From Stealing Creators’ Work for AI Training

    July 9, 2026
    Add A Comment

    Comments are closed.

    Demo
    Top Posts

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Stay In Touch
    • Facebook
    • YouTube
    • TikTok
    • WhatsApp
    • Twitter
    • Instagram
    Latest Reviews
    85
    Featured

    Pico 4 Review: Should You Actually Buy One Instead Of Quest 2?

    January 15, 2021 Featured
    8.1
    Uncategorized

    A Review of the Venus Optics Argus 18mm f/0.95 MFT APO Lens

    January 15, 2021 Uncategorized
    8.9
    Editor's Picks

    DJI Avata Review: Immersive FPV Flying For Drone Enthusiasts

    January 15, 2021 Editor's Picks

    Subscribe to Updates

    Get the latest tech news from FooBar about tech, design and biz.

    Demo
    Most Popular

    Catchy & Intriguing

    March 17, 202677 Views

    The Canadian Password Playbook: Navigating Compliance and Building Strong Passwords

    March 25, 202634 Views

    IP Address Investigations and Local OSINT

    March 20, 202633 Views
    Our Picks

    Injective SDK on npm infected with cryptocurrency wallet stealer

    July 9, 2026

    OpenMandriva Linux says contributor tried to sabotage the project

    July 9, 2026

    What About the Role of AI? Updated Guidance on Secure by Design

    July 9, 2026

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Facebook X (Twitter) Instagram Pinterest
    • Home
    • Technology
    • Gaming
    • Phones
    • Buy Now
    © 2026 ThemeSphere. Designed by ThemeSphere.

    Type above and press Enter to search. Press Esc to cancel.