🚨 INJECTIVE'S OFFICIAL SDK WAS BACKDOORED TO STEAL WALLET KEYS.


A trusted developer's GitHub account got hijacked.
The attacker hooked a malicious code directly into the function that turns your seed phrase into a signing key.
It spread across 17 packages automatically. Disguised as fake analytics traffic. Luckily it was caught in under 90 minutes still enough time for real damage.
If you built on $INJ this week, check your dependency version now.
INJ-0.18%
post-image
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned