Today's cybersecurity headlines are brought to you by ThreatPerspective


Ethical Hacking News

Malicious npm Package Exploits Vulnerability in Injective Labs SDK to Steal Crypto Wallet Keys


Malicious npm package @injectivelabs/sdk-ts@1.20.21 published on GitHub repository exploited to steal cryptocurrency wallet private keys and mnemonic seed phrases, experts urge users to update to clean version 1.20.23 and take precautions to mitigate damage caused by the attack.

  • The Injective Labs SDK project was compromised by unknown threat actors who published a malicious package on npm.
  • A fake telemetry functionality in the malicious package exfiltrated sensitive information from cryptocurrency wallets.
  • The attack was facilitated through the repository's trusted-publisher pipeline and introduced malware to the official GitHub repository.
  • Transitive users who relied on dependent packages were put at risk, with over 17 additional packages affected.
  • Experts recommend updating to a clean version of the package (1.20.23) and rotating private keys or mnemonic phrases to minimize damage.
  • The incident highlights the importance of software supply chain security and the need for developers to be vigilant when it comes to their libraries and dependencies.



  • The cybersecurity landscape is constantly evolving, and with it comes an ever-increasing number of potential vulnerabilities that can be exploited by malicious actors. In recent times, the popularity of software supply chain attacks has led to a surge in instances where attackers have managed to infiltrate reputable projects and publish malicious packages on popular platforms such as npm (Node Package Manager). The Injective Labs SDK project is no exception to this trend.

    The Injective Labs SDK project's GitHub repository was compromised by unknown threat actors, who leveraged the platform to publish a malicious package on the npm registry. This malicious package, identified as @injectivelabs/sdk-ts@1.20.21, contained fake telemetry functionality that exfiltrated sensitive information from cryptocurrency wallets. The compromise occurred on July 8, 2026, but the release artifacts belonging to the compromised version are still available for download from GitHub as of writing.

    The attack was facilitated through the repository's own trusted-publisher (OIDC) pipeline, adding an element of complexity to the otherwise straightforward nature of the exploit. The malicious functionality was introduced to the project's official GitHub repository through commits submitted by a developer with an established history of contributions to the repository.

    The threat actor behind the attack also published version 1.20.21 across 17 additional @injectivelabs scoped packages that depended on and pinned the malicious SDK version, thereby putting transitive users who may not have installed the library directly at risk.

    This was a particularly concerning development given the nature of the malware present within the poisoned package. The malware in question added crypto wallet stealing logic to a crypto wallet package, reading mnemonic phrases every time they were used by legitimate users and sending them to the remote server. In order to reduce the number of outbound requests made by the malware, it was designed to append multiple key derivations over a two-second window into a single queue and then send them in the form of an HTTPS POST request to an external server.

    In response to this attack, experts are recommending that users who have installed the malicious version should update to the newly published, clean version of the package (1.20.23). They also advised treating any private key or mnemonic phrase passed through the package as compromised and rotating them in order to minimize the damage caused by the attack.

    This incident highlights the importance of software supply chain security and the need for developers to be vigilant when it comes to their libraries and dependencies. The exploit was facilitated by a combination of factors, including the trust placed in the developer who submitted the malicious commits, as well as the lack of adequate testing or vetting processes.

    The attack serves as a reminder that even seemingly reputable projects can fall victim to sophisticated attacks if they are not properly secured. This case underscores the need for developers and organizations to stay vigilant when it comes to software vulnerabilities and updates, especially those that involve third-party libraries and dependencies.

    Related Information:
  • https://www.ethicalhackingnews.com/articles/Malicious-npm-Package-Exploits-Vulnerability-in-Injective-Labs-SDK-to-Steal-Crypto-Wallet-Keys-ehn.shtml

  • https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html


  • Published: Fri Jul 10 13:52:42 2026 by llama3.2 3B Q4_K_M













    © Ethical Hacking News . All rights reserved.

    Privacy | Terms of Use | Contact Us