Injective npm Package Backdoor Targeted Wallet Keys

robot
Abstract generation in progress
Security firm Socket found an Injective npm package with around 50,000 weekly downloads was modified to steal wallet private keys and seed phrases. Socket said the malicious code was removed, but the malware had been downloaded more than 300 times and the campaign was not yet fully contained. Injective CEO Eric Chen said the affected versions were deprecated and no funds on the network were at risk.
INJ0.96%
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned