Injective npm package maliciously modified, hackers attempted to steal wallet private keys and seed phrases

robot
Abstract generation in progress

BlockBeats news. On July 10, according to Socket monitoring, the Injective blockchain npm package @injectivelabs/sdk-ts was maliciously modified. The attacker compromised a developer’s GitHub account, implanted malicious code to steal wallet private keys and seed phrases, encoded the stolen data, and sent it to an address disguised as a legitimate Injective network server.

The package has about 50,000 weekly downloads. The malicious version 1.20.21 began to have suspicious commits on June 8, and was locked in 17 other packages within the Injective Labs npm scope. Users who did not directly install this SDK may also be affected.

INJ0.99%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned