PANews|7月 10, 2026 03:21
[Security Company: Hackers Attempt to Implant Backdoor in Injective npm Package to Steal Wallet Keys]
According to a report by Cointelegraph, security company Socket discovered that the npm package @injectivelabs/sdk-ts of the Injective blockchain was maliciously modified. Attackers infiltrated a developer's GitHub account to implant malicious code designed to steal wallet private keys and mnemonic phrases, encoding the stolen data and sending it to an address disguised as a legitimate Injective network server. The package has an approximate weekly download volume of 50,000. The malicious version 1.20.21 began showing suspicious commits on June 8 and was locked within 17 other packages under the Injective Labs npm scope, meaning users who did not directly install this SDK could also be affected.
Share To
Timeline
HotFlash
APP
X
Telegram
CopyLink