#3
The Hacker News
general
July 10, 2026 at 17:29 UTC
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
By [email protected] (The Hacker News)
AI Summary
Attackers compromised the Injective Labs SDK GitHub repository and published malicious npm package @injectivelabs/[email protected], which embedded fake telemetry functionality to exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases. The incident represents a classic software supply chain attack targeting the Web3/DeFi ecosystem, where a single compromised dependency can drain multiple users' wallets.
Relevance score: 79.0/100
Sponsored
Protect Your Business
Expert cybersecurity solutions to safeguard your organization from evolving threats.
Get Protected →