Socket detected a malicious @injectivelabs/[email protected] release on npm that steals wallet private keys and mnemonic phrases through fake telemetry. The attack also spread the pinned malicious version to 17 other @injectivelabs packages, exposing both direct and transitive users. #injectivelabs #Socket

Keypoints

  • @injectivelabs/[email protected] was published to npm with code that exfiltrates private keys and mnemonic phrases.
  • The malicious behavior is triggered during library use, not during installation, helping it avoid immediate detection.
  • The compromised package is part of the Injective Labs TypeScript SDK and has about 50,000 weekly downloads.
  • The threat actor also pushed version 1.20.21 to 17 additional @injectivelabs scoped packages that pinned the malicious SDK version.
  • The suspicious commits began on June 8, 2026, and the malicious release was quickly reverted, with a clean version later published.
  • Although deprecated on npm, the compromised version and related GitHub release artifacts were still present at the time of writing.
  • Developers using affected packages should treat any passed private keys or mnemonic phrases as compromised and rotate funds and credentials.

MITRE Techniques

  • [T1195.001 ] Compromise Software Dependencies and Development Tools – The attacker tampered with a trusted npm package and related scoped packages to distribute malicious code. (‘published a malicious @injectivelabs/[email protected] release to npm’ and ‘published version 1.20.21 across 17 additional @injectivelabs scoped packages’)
  • [T1056 ] Input Capture – The malicious code captured mnemonic phrases and private-key material when wallet-related functions were used. (‘the full mnemonic phrase is recorded’ and ‘the private-key material or a representation of it is recorded’)
  • [T1041 ] Exfiltration Over C2 Channel – The stolen data was base64-encoded and sent out via POST requests to a public endpoint. (‘silently exfiltrated through a POST request to a char-obfuscated public infrastructure endpoint’)
  • [T1027 ] Obfuscated Files or Information – The exfiltration target was char-obfuscated to conceal the endpoint. (‘a char-obfuscated public infrastructure endpoint https://testnet[.]archival[.]chain[.]grpc-web[.]injective[.]network’)
  • [T1567.002 ] Exfiltration to Cloud Storage – The attacker used a public infrastructure endpoint belonging to InjectiveLabs to blend in with legitimate traffic. (‘By using public infrastructure endpoints belonging to InjectiveLabs, the threat actor blends the network traffic’)

Indicators of Compromise

  • [npm packages] compromised and pinned releases – @injectivelabs/[email protected], @injectivelabs/[email protected], and 15 more @injectivelabs packages
  • [SHA-256 hashes] malicious build artifacts – 103c4e6181151c1bcfedc41506cd1815458c38375d08a8fcd9981dbe0b965ce0, 9a59eb454f3ca3fe91214136ee5edd417cc47a80e6f169b52099d6561944baf9
  • [Domain / URL] exfiltration endpoint – testnet[.]archival[.]chain[.]grpc-web[.]injective[.]network
  • [File names / paths] malicious package files – /dist/cjs/accounts-Cy0p4lLW.cjs, /dist/esm/accounts-jQ1GSgaW.js
  • [GitHub artifact / release] compromised repository artifacts – release artifacts for version 1.20.21, clean version 1.20.23


Read more: https://socket.dev/blog/compromised-injective-sdk-npm-package