Injective posted a response to a recent npm package security incident, saying that after its security monitoring system detected an issue, it quickly marked the affected package versions as deprecated and replaced them with new versions. The official said the relevant malicious versions were blocked before they were downloaded, with zero download volume, causing no impact to users; user funds were also never at risk or subject to loss. Injective said it has already implemented further optimization measures to prevent similar attacks from happening again. Earlier, the security firm StepSecurity disclosed that Injective’s official TypeScript SDK had been injected with malicious code capable of stealing seed phrases and private keys.

INJ3.19%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • 8
  • 2
  • Share
Comment
Add a comment
Add a comment
PerpNightwatch
· 2h ago
A security company just disclosed it, and the official immediately came out to claim it—this PR timing is perfectly on point.
View OriginalReply0
NightFlightPancake
· 7h ago
The reaction speed is okay, and the fact that there are zero download volumes shows that the monitoring is indeed working.
View OriginalReply0
OxRenWoXing
· 8h ago
Today’s Hot Topic 1⃣:

On July 10, South Korean semiconductor giant SK hynix completed an ADR issuance in the US, raising $26.5 billion, setting the highest record for a non-US company’s IPO in the US. The deal became the third-largest listing in global securities history. The offering was oversubscribed by more than 7 times, with subscription intentions of nearly $200 billion. Top institutions including Baillie Gifford and Coatue actively participated. As a core supplier of Nvidia’s HBM, SK hynix is leveraging the US stock market premium to target valuation.

Currently, Gate stock is available across three major markets—US stocks, Hong Kong stocks, and Korean stocks—supporting more than 12,500 stocks and ETFs, with USDT one-stop fractional-share investing starting from 0.01 shares. Faced with the world’s leading AI chip companies, how would you plan your investment opportunities?

Join the discussion using #Daily Hot Topic. Participate in 3 topics to select 3 winners who will receive a $100 trading account experience voucher ($5 × 20x). After sharing your thoughts on the topics, send #Daily Hot Topic bot a separate message in the community to have an automatic lottery.
View OriginalReply0
GateUser-8d51653b
· 10h ago
TypeScript SDK has a problem—frontend developers are panicking the most
View OriginalReply0
NoMoreRugs
· 10h ago
If even SDKs can be poisoned, then before using any npm package, you should audit it first.
View OriginalReply0
TideEarningsTable
· 10h ago
Monitor → block → discard → replace—the process is pretty standard. Hope the hardening in the future doesn’t just end up being talk.
View OriginalReply0
RugpullTaster
· 10h ago
The attacker wants to steal everyone’s seed phrases and private keys—looks like they have quite an appetite.
View OriginalReply0
AirdropOrganizer
· 10h ago
It’s good that the user didn’t lose anything, but preventing this kind of thing is more important than fixing it after the fact.
View OriginalReply0
  • Pinned