Injective npm Package Compromised with Wallet Key-Stealing Code Downloaded 310+ Times Since June 8

INJ1.73%
According to Cointelegraph, security firm Socket discovered that the Injective blockchain's npm package @injectivelabs/sdk-ts was maliciously modified starting June 8, with attackers injecting code to steal wallet private keys and seed phrases after compromising a developer's GitHub account. The malicious code encoded stolen data and sent it to a server disguised as an Injective network service. The package sees roughly 50,000 downloads weekly; the compromised version has been downloaded over 310 times. Injective CEO Eric Chen stated the issue has been fixed and affected versions deprecated, with no funds at risk. However, Socket said the attack remains incompletely contained.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments