BTC
ETH
HTX
SOL
BNB
View Market
简中
繁中
English
日本語
한국어
ภาษาไทย
Tiếng Việt

Injective npm Package Compromised, Hackers Attempt to Steal Wallet Private Keys and Seed Phrases

2026-07-10 03:22

Odaily Odaily reports that according to Socket monitoring, the Injective blockchain npm package @injectivelabs/sdk-ts has been maliciously modified. The attacker infiltrated a developer's GitHub account to implant malicious code designed to steal wallet private keys and seed phrases. The stolen data is encoded and sent to an address disguised as a legitimate Injective network server. This package has approximately 50,000 weekly downloads. The malicious version 1.20.21 showed suspicious commits starting June 8 and has been pinned across 17 other packages within the Injective Labs npm scope. Users who did not directly install the SDK may also be affected.