Live News
CRITICAL
Trending 92%
Breaking News

Hackers Breach Injective SDK Package, Stealing Private Keys in Supply Chain Attack

Attackers compromised the @injectivelabs/sdk-ts NPM package, distributing malware that intercepted private keys and seed phrases across Injective's developer ecosystem.

Telegram

Injective Labs disclosed a critical supply chain attack after hackers gained access to a developer account and injected malicious code into @injectivelabs/sdk-ts version 1.20.21, the official software development kit used to build wallets, decentralized exchanges, DeFi applications, trading bots, and payment services on the Injective network.

The compromised package, which receives approximately 50,000 downloads weekly, was propagated through 17 related Injective packages, putting at least 87 dependent packages at risk with a combined download count exceeding 112,000. The malicious code masqueraded as technical telemetry collection and activated whenever users created or connected a wallet, intercpting seed phrases and private keys before transmitting them to attacker-controlled servers.

The infected version remained available for less than one hour but was downloaded approximately 310 times during that window. The breach posed a direct threat to developer tools that could have propagated the malware into wallets, exchanges, DeFi services, and other applications throughout the Injective ecosystem. Injective Labs did not disclose whether any user funds were compromised, though the brevity of the attack's exposure and NPM's rapid response likely limited the number of affected applications.

The incident underscores growing risks in cryptocurrency development supply chains, where compromised upstream packages can distribute malware at scale. Developers using the affected SDK version are advised to upgrade immediately and audit their applications for unauthorized access.

Source:socket.dev

Related News

Stay updated with the latest crypto news

Subscribe to Our Newsletter

Get the latest crypto news and market analysis delivered to your inbox.

Published on

Updated on