Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics
Malicious @injectivelabs/sdk-ts npm package exfiltrates wallet keys and mnemonics.
Summary
A malicious version of the Injective Labs TypeScript SDK, @injectivelabs/sdk-ts@1.20.21, was published to npm, designed to exfiltrate wallet private keys and mnemonic phrases. The compromised package, with approximately 50,000 weekly downloads, was also published across 17 other @injectivelabs scoped packages, increasing the risk to transitive users. While the compromise was detected and reverted quickly by the account owner, the malicious version remains deprecated but not removed from npm, posing a continued risk.
Full text
Security Newsnpm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokensnpm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.By Sarah Gooding - Jul 08, 2026
Indicators of Compromise
- url — https://testnet[.]archival[.]chain[.]grpc-web[.]injective[.]network
- hash_sha256 — 103c4e6181151c1bcfedc41506cd1815458c38375d08a8fcd9981dbe0b965ce0
- hash_sha256 — 9a59eb454f3ca3fe91214136ee5edd417cc47a80e6f169b52099d6561944baf9