Injective SDK on npm infected with cryptocurrency wallet stealer

Injective SDK on npm infected with cryptocurrency wallet stealer
Hackers compromised the Injective Labs SDK GitHub repository and used it to publish a malicious npm package that stole cryptocurrency wallet private keys and mnemonic seed phrases. The supply-chain attack affected @injectivelabs/sdk-ts and related packages, putting developers and users of Injective blockchain tools at risk. #InjectiveLabs #InjectiveSDK #npm

Keypoints

  • Attackers breached a legitimate contributor’s GitHub account.
  • They published malicious version 1.20.21 of @injectivelabs/sdk-ts on npm.
  • The malware stole wallet private keys and mnemonic seed phrases during SDK use.
  • Related packages were also pinned to the compromised SDK version.
  • The malicious package was downloaded before being deprecated, and clean version 1.20.23 was released.

Read More: https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/