ShellCodeX Intelligence Brief
CRITICAL
Open Source
Injective SDK compromised on GitHub, malicious npm package steals wallets
Source headline: Injective SDK on npm infected with cryptocurrency wallet stealer
Threat level
Critical
Signal strength
85/100
Source confidence
1 source
Published
2 hours ago
Intelligence Summary
Attackers compromised the Injective Labs SDK GitHub repository. They then published a malicious package to npm using the project’s name and versioning. The package was designed to steal cryptocurrency wallet private keys and mnemonic seed phrases. This could allow stolen credentials to be used for unauthorized access and irreversible fund loss. Developers and users who installed the affected npm package should verify integrity and rotate any exposed wallet secrets immediately.
Recommended Action
Prioritize immediate review, validate exposure, and patch or mitigate affected systems.
Topics
Original reporting
BleepingComputer
Injective SDK on npm infected with cryptocurrency wallet stealer
Open original source