Security · 1h ago
Injective Labs GitHub Breach Leads to Crypto Wallet-Stealing npm Package
Attackers compromised Injective Labs' GitHub repo to publish a malicious npm package, @injectivelabs/sdk-ts@1.20.21, that steals cryptocurrency wallet private keys and seed phrases. The package contained fake telemetry to exfiltrate wallet data. Users who installed the compromised version should rotate keys immediately.
Meridian48 take
This incident underscores the supply-chain risks in crypto development tools, where a single compromised dependency can drain wallets globally.
Read the full reporting
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages →
The Hacker News
supply-chain-attackcrypto-wallet-theft