Injective posted a response saying it has addressed a recent npm software package security incident. It said that after its security monitoring system detected an issue, it quickly marked the affected package versions as deprecated and replaced them with new versions. The official said the relevant malicious versions were blocked before they could be downloaded, with zero downloads, causing no impact to users. It added that users’ funds were never at risk and no losses were suffered. Injective said it has now implemented further optimization measures to prevent similar attacks from happening again. Previously, the security firm StepSecurity disclosed that Injective’s official TypeScript SDK had been tampered with using malicious code designed to steal mnemonics and private keys.

INJ-1.27%
View Original
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned