ShellCodeX
Tools • Events • News • Insights
ShellCodeX Intelligence Brief
CRITICAL Open Source

Injective SDK compromised on GitHub, malicious npm package steals wallets

Source headline: Injective SDK on npm infected with cryptocurrency wallet stealer

Threat level Critical
Signal strength 85/100
Source confidence 1 source
Published 2 hours ago

Intelligence Summary

Attackers compromised the Injective Labs SDK GitHub repository. They then published a malicious package to npm using the project’s name and versioning. The package was designed to steal cryptocurrency wallet private keys and mnemonic seed phrases. This could allow stolen credentials to be used for unauthorized access and irreversible fund loss. Developers and users who installed the affected npm package should verify integrity and rotate any exposed wallet secrets immediately.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#cryptocurrency #supply-chain #npm #seed-phrase-theft #wallet-stealer
Original reporting BleepingComputer Injective SDK on npm infected with cryptocurrency wallet stealer
Open original source