CyberSecurity News
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
AI summary
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository, using it to publish a malicious package on the npm registry. This package, version @injectivelabs/sdk-ts@1.20.21, was designed to steal cryptocurrency wallet private keys and mnemonic seed phrases. The malicious version included fake telemetry functionality that allowed it to exfiltrate data from cryptocurrency wallets. The compromise was used to push this malicious package, which targeted cryptocurrency users. The malicious package was embedded with data-stealing capabilities.
This is an AI-generated brief aggregated by HackerFeeds for convenience and grounded in the source’s own summary; the related CVE, threat-group and country data is from HackerFeeds’ own indexes. The original article is the authoritative source — all rights belong to The Hacker News.

