PANews
PANews|7月 10, 2026 03:21
[Security Company: Hackers Attempt to Implant Backdoor in Injective npm Package to Steal Wallet Keys] According to a report by Cointelegraph, security company Socket discovered that the npm package @injectivelabs/sdk-ts of the Injective blockchain was maliciously modified. Attackers infiltrated a developer's GitHub account to implant malicious code designed to steal wallet private keys and mnemonic phrases, encoding the stolen data and sending it to an address disguised as a legitimate Injective network server. The package has an approximate weekly download volume of 50,000. The malicious version 1.20.21 began showing suspicious commits on June 8 and was locked within 17 other packages under the Injective Labs npm scope, meaning users who did not directly install this SDK could also be affected.
+5
Mentioned
Share To

Timeline

HotFlash

APP

X

Telegram

Facebook

Reddit

CopyLink

Hot Reads