BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

Injective npm package hacked to steal crypto keys

Supply chain attack compromises Injective npm package to steal wallet private keys and seed phrases

  • Hackers compromised the @injectivelabs/sdk-ts npm package with Malware designed to steal crypto wallet private keys and seed phrases.
  • The supply chain attack leveraged a compromised developer GitHub account to push malicious code through fake telemetry.
  • Wallet compromises have become the most costly attack vector in 2026, with $444 million stolen across 33 incidents so far this year.

Security firm Socket discovered on Thursday that a widely used npm package with roughly 50,000 weekly downloads for building on the Injective blockchain was maliciously modified to steal wallet private keys and seed phrases. The large download volume makes the incident “significant for developers and applications that handle Injective wallet workflows,” Socket researchers said.

- Advertisement -

The software supply chain attack targets trusted developer tools rather than a blockchain’s cryptography or smart contracts directly. Version 1.20.21 of the @injectivelabs/sdk-ts package was altered through a compromised developer GitHub account, with suspicious commits beginning June 8.

Injective is an interoperable layer 1 designed for DeFi applications, though its total value locked has shrunk by 88% to $8.2 million from its $71 million peak in mid-2024, according to data from DefiLlama. The malicious release hooked wallet key-derivation functions, secretly recording private keys and mnemonics before exfiltrating them through fake telemetry.

The compromised data was encoded and sent to a web address resembling a legitimate Injective network server. Socket stated that any keys or mnemonics passed through affected packages should be treated as compromised.

Injective CEO Eric Chen said the issue is already fixed and affected versions on npm are deprecated. No funds on the network are at risk, he added, though Socket did not specify whether any funds were stolen.

- Advertisement -

The Security Alliance (SEAL) reported that attackers are increasingly using legitimate platforms like GitHub, npm and Google to deliver payloads. Wallet compromises were the most costly attack vector in the first half of 2026, with $444 million stolen across 33 incidents, CertiK reported.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Musk Admits He Was Wrong About Anthropic, Calls It AI Leader

Elon Musk admitted he was "clearly wrong" about Anthropic, calling the AI company the...

Coinbase CLO Paul Grewal steps down, names successors

Coinbase Chief Legal Officer Paul Grewal will step down on July 31 and move...

npm 12 disables install scripts, phases out 2FA bypass tokens

GitHub released npm version 12 with install scripts disabled by default, making previously automatic...

Ethereum Foundation deploys AI agents to hunt for network bugs

Ethereum Foundation researchers deployed AI agents to red-team critical network infrastructure, uncovering real bugs.The...

Ethereum May Be Forming Short-Term Bottom, Says Ex-BofA Strategist

Ethereum may be forming a short-term bottom, according to a chart shared by Tom...

Must Read

How to Set Up a Simple Bitcoin Tip Jar for Your Site or Stream

QUICK LINKSWhat a tip jar is, in plain wordsWhat you needBuild a payment link that just worksAdd a QR code that actually scansWhere to...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading