A compromised version 1.20.21 of @injectivelabs/sdk-ts was published with hidden code that stole BIP-39 mnemonic seed phrases and private keys by disguising the theft as SDK telemetry. The malicious behavior used a fake Injective testnet endpoint for exfiltration, was live for about 49 minutes, and was removed in version 1.20.23. #injectivelabs #sdk-ts #Injective #BIP39 #PrivateKey #GitHub
Keypoints
- @injectivelabs/sdk-ts version 1.20.21 was published on npm with a hidden credential-stealing module.
- The malicious code was introduced through a GitHub commit that appeared to come from a legitimate maintainer.
- The code hooked PrivateKey.fromMnemonic() and PrivateKey.fromHex() to capture mnemonic seed phrases and private keys when wallets were loaded.
- Stolen data was base64-encoded and sent in the X-Request-Id HTTP header to a remote endpoint.
- The endpoint was disguised as a legitimate Injective testnet archival gRPC-Web service: testnet.archival.chain.grpc-web.injective[.]network.
- The malicious version was available for about 49 minutes before being reverted, and version 1.20.23 was released without the malicious code.
- The compromise was reported publicly in GitHub issue #697, and Datadog provided guidance for hunting affected systems and exfiltration traffic.
MITRE Techniques
- [T1056.001] Input Capture: Keylogging – The malicious SDK captured sensitive wallet material at the moment of key derivation by hooking wallet-loading functions (‘capturing raw BIP-39 mnemonic seed phrases and private keys when a wallet is loaded’).
- [T1027] Obfuscated Files or Information – The exfiltration domain and telemetry-like behavior were obscured with obfuscated code (‘contains the malicious source code in an obfuscated format’ and the endpoint was hidden in encoded character arrays).
- [T1041] Exfiltration Over C2 Channel – Stolen secrets were sent to a remote server as part of normal-looking HTTPS POST traffic (‘base64-encoded and smuggled inside the X-Request-Id HTTP header’).
- [T1071.001] Web Protocols – The payload was transmitted over HTTP/HTTPS to blend into legitimate web traffic (‘fetch(_ep, { method: ‘POST’ … })’).
- [T1195.001] Supply Chain Compromise: Compromise Software Dependencies and Development Tools – A malicious npm package release delivered the backdoor to downstream developers (‘version 1.20.21 of @injectivelabs/sdk-ts … was published with a hidden credential-stealing module’).
- [T1552.001] Unsecured Credentials: Credentials In Files – The compromise targeted exposed secret material in memory/code paths, specifically mnemonic seed phrases and private keys (‘capturing raw BIP-39 mnemonic seed phrases and private keys’).
Indicators of Compromise
- [Domain] Exfiltration destination disguised as an Injective testnet service – testnet.archival.chain.grpc-web.injective[.]network, hexhole.injective[.]network (reported by the initial issue)
- [npm package] Affected package and malicious release – @injectivelabs/sdk-ts version 1.20.21, later cleaned in 1.20.23
- [Git commit] Malicious and follow-up commits – 0121928, fd105db, 5486f13, and revert commit 7c4b1a0
- [GitHub issue] Public compromise report – issue #697 in the injective-ts repository
- [File path] Backdoored source file – packages/sdk-ts/src/core/accounts/PrivateKey.ts
- [HTTP header] Exfiltration carrier – X-Request-Id used to smuggle base64-encoded secrets