Injective npm Package Compromised in Private Key Theft Attempt

robot
Abstract generation in progress
Socket monitoring found that the Injective blockchain npm package @injectivelabs/sdk-ts was maliciously modified with code designed to steal wallet private keys and seed phrases. The package has approximately 50,000 weekly downloads. The malicious version 1.20.21 showed suspicious commits starting June 8 and was pinned across 17 other packages within the Injective Labs npm scope.
INJ0.96%
This page may contain third-party content, which is provided for information purposes only (not representations/warranties) and should not be considered as an endorsement of its views by Gate, nor as financial or professional advice. See Disclaimer for details.
  • Reward
  • Comment
  • Repost
  • Share
Comment
Add a comment
Add a comment
No comments
  • Pinned