FRIDAY, JULY 10, 2026 48° E  /  GLOBAL TECH · SUMMARISED SUBSCRIBE
AI, business, devices, policy — global tech, summarised every 30 minutes.
Security · 1h ago

Injective Labs GitHub Breach Leads to Crypto Wallet-Stealing npm Package

By Meridian48 News Desk · Summarised from The Hacker News ·

Attackers compromised Injective Labs' GitHub repo to publish a malicious npm package, @injectivelabs/sdk-ts@1.20.21, that steals cryptocurrency wallet private keys and seed phrases. The package contained fake telemetry to exfiltrate wallet data. Users who installed the compromised version should rotate keys immediately.

Meridian48 take
This incident underscores the supply-chain risks in crypto development tools, where a single compromised dependency can drain wallets globally.
Read the full reporting
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages →
The Hacker News
supply-chain-attackcrypto-wallet-theft
More security briefs
Go deeper on security
AllAIStartupsBusinessDevicesPolicySecurityDev ToolsPakistan