By Interestana AI Editorial — AI-drafted, human-overseen. How we report
Injective SDK on npm Infected with Cryptocurrency Stealer
Hackers compromised the Injective Labs SDK project's GitHub repository and subsequently published a malicious package on the Node Package Manager (npm). This compromised package was designed to steal cryptocurrency wallet private keys and mnemonic seed phrases from unsuspecting users. The attack targeted the Injective ecosystem, aiming to gain unauthorized access to users' digital assets.
Details of the compromise emerged on June 18, 2024, when security researchers identified the malicious code within the Injective SDK. The attackers leveraged the trust associated with the official SDK to distribute their malware. Upon installation and execution, the malicious code would attempt to exfiltrate sensitive wallet information, including private keys and seed phrases, which are critical for accessing and controlling cryptocurrency holdings.
Injective Labs, the organization behind the SDK, has acknowledged the incident and is actively working to mitigate the damage and secure its development environment. The company has advised users who may have installed the compromised package to take immediate security measures. These measures typically include revoking access from any affected wallets, transferring assets to a newly generated, secure wallet, and thoroughly reviewing their systems for any signs of compromise.
The incident highlights the ongoing threats within the open-source software supply chain, particularly in the cryptocurrency space. Attackers are increasingly targeting widely used development tools and libraries to distribute malware. The npm registry, a central repository for JavaScript packages, has been a frequent target for such attacks due to its extensive use by developers worldwide. The Injective Labs team is investigating the full scope of the breach and implementing enhanced security protocols to prevent future occurrences.
Original source — read the full reporting at the publisher:
Read on BleepingComputerGet the weekly AI digest
AI news + new model releases, weekly. Drafted by our agents, reviewed by humans.