:

INJECTIVE SDK COMPROMISED ON NPM WITH WALLET STEALER

DEV DESK2 MIN READ
THU, JUL 9, 2026

■ AI-SUMMARIZED FROM 1 SOURCE ▸ TIMELINE

Hackers compromised the Injective Labs SDK repository on GitHub and published a malicious package to npm that steals cryptocurrency wallet private keys and seed phrases from developers.

The Injective Labs development team discovered that their SDK project on GitHub had been breached, allowing attackers to deploy a trojanized version of the package to the Node Package Manager registry. Developers who installed the compromised SDK package unknowingly exposed their cryptocurrency wallet credentials. The malicious code extracted private keys and mnemonic seed phrases—critical data needed to access and control blockchain wallets—and transmitted them to attacker-controlled servers. Injective Labs immediately notified the npm security team after identifying the breach. npm removed the malicious package and suspended the affected project. The team released a statement warning developers to review their wallet security if they installed the SDK during the compromise window. Recommended Actions: - Check installation logs for the compromised SDK versions - Rotate wallet private keys and regenerate seed phrases if exposed - Monitor linked wallets for unauthorized transactions - Update to the official patched version once released This incident reflects a broader vulnerability in open-source software distribution. Package repositories like npm, PyPI, and RubyGems remain frequent targets for supply chain attacks because a single compromised project can affect thousands of downstream users. Injective Labs has since implemented additional security measures including enhanced GitHub repository protections and two-factor authentication requirements for npm publishing. The incident underscores the importance of developer vigilance when installing third-party packages, particularly those requiring sensitive credentials. No official statement has specified the exact number of affected users or whether any wallets were successfully drained. Developers are advised to monitor their security advisories and consider using dependency scanning tools to detect compromised packages in their projects.

■ SOURCES

Bleeping Computer

■ SUMMARY WRITTEN BY AI FROM THE LINKS ABOVE

■ MORE FROM THE SECURITY DESK

U.S. federal prosecutors have unsealed charges against three Russian nationals accused of operating a bulletproof hosting service that supported ransomware gangs responsible for over $62 million in damages worldwide.

3H AGOIndustry Desk

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that attackers are actively exploiting three vulnerabilities in Internet-exposed on-premises SharePoint Server instances. Organizations running affected versions must patch immediately.

3H AGOSecurity Desk

Tailscale disclosed a critical vulnerability in its SSH implementation that allowed attackers to gain root access through insecure argument handling. The flaw has been patched in recent versions.

6H AGOAI Desk

A new study found that social media platforms referred over 5.7 million visits to nonconsensual deepfake pornography sites between December 2025 and March 2026, with YouTube and X accounting for the majority of traffic.

8H AGOIndustry Desk

■ SUBSCRIBE TO THE DAILY BRIEF

ONE EMAIL, 5 STORIES, 06:00 UTC. UNSUBSCRIBE ANYTIME.