Home / Jul 12, 2026 / Story
0
#3 The Hacker News general July 10, 2026 at 17:29 UTC

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

By [email protected] (The Hacker News)

AI Summary

Attackers compromised the Injective Labs SDK GitHub repository and published malicious npm package @injectivelabs/[email protected], which embedded fake telemetry functionality to exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases. The incident represents a classic software supply chain attack targeting the Web3/DeFi ecosystem, where a single compromised dependency can drain multiple users' wallets.

Relevance score: 79.0/100

# More from July 12