Security company Socket discovers malicious code implanted in Injective blockchain npm package

AiCoin
AiCoin|7月 10, 2026 03:21
According to Cointelegraph, security company Socket has discovered that the npm package @ injivelabs/sdk ts for Injective blockchain has been maliciously modified. The attacker infiltrated the developer's GitHub account and implanted malicious code that stole wallet private keys and mnemonics, and sent the data to an address disguised as a legitimate Injective network server. The software package has been downloaded approximately 50000 times per week, and the malicious version 1.20.21 has been suspected of submitting since June 8th and has been locked in 17 other packages within the scope of Injective Labs npm.
Share To

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads