BTC
ETH
HTX
SOL
BNB
Xem thị trường
简中
繁中
English
日本語
한국어
ภาษาไทย
Tiếng Việt

Injective npm Package Hit by Malicious Tampering, Hackers Attempt to Steal Wallet Private Keys and Seed Phrases

2026-07-10 03:22

Odaily Planet Daily News: According to Socket monitoring, the Injective blockchain npm package @injectivelabs/sdk-ts has been maliciously tampered with. Attackers compromised the developer's GitHub account to inject malicious code designed to steal wallet private keys and seed phrases, which were then encoded and sent to an address masquerading as a legitimate Injective network server. This package has approximately 50,000 weekly downloads, with the malicious version 1.20.21 showing suspicious commits starting June 8th. The malicious code was also locked across 17 other packages within the Injective Labs npm scope, potentially affecting users who did not directly install the SDK.