Injective posted a response to a recent npm package security incident, saying that after its security monitoring system identified an issue, it quickly marked the affected package versions as deprecated and replaced them with new versions. The official said the relevant malicious versions were blocked before they were downloaded, with zero download volume, causing no impact to users and that users’ funds had never been at risk or suffered any loss. Injective added that further optimization measures have now been implemented to prevent similar attacks from happening again. Previously, the security firm StepSecurity disclosed that Injective’s official TypeScript SDK had been implanted with malicious code capable of stealing mnemonic phrases and private keys.

INJ3.51%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned