[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frlrZTsbU8QlBDcosgJnBffbgFeuc5nS3LwDjfH-zQi0":3},{"article":4,"iocs":50},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":27,"category":28,"article_tags":32},"c2c991e3-5a92-4e3a-9ddc-c02fdfa6b8b1","Compromised Injective SDK npm Package Exfiltrates Wallet Keys and Mnemonics","compromised-injective-sdk-npm-package-exfiltrates-wallet-keys-and-mnemonics-e4702d","@injectivelabs\u002Fsdk-ts@1.20.21 records private keys and mnemonics, enabling wallet compromise via 17 scoped packages pinned to the malicious version. Socket detected a malicious @injectivelabs\u002Fsdk-ts@1.20.21 release published to npm with fake telemetry functionality that exfiltrates wallet private keys and mnemonic phrases. The affected package is part of the Injective Labs TypeScript SDK and receives roughly 50,000 weekly downloads, making the incident significant for developers and applications that handle Injective wallet workflows. The malicious functionality was introduced to the project’s official GitHub repository through commits submitted by a GitHub account belonging to a developer with an established history of contributions to the repository. The suspicious activity started on June 8, 2026 20:06 GMT+2 with commits likely used to test the access and rights by creating a branch called test-backdoor-check. The malicious version 1.20.21 was published at 22:59 GMT+2 but the malicious activity appears to be detected and contained relatively fast by the true owner of the developer account. A commit reverting the fix has been submitted to the GitHub repository at 23:18 GMT+2 and a clean version was published at 23:48 GMT+2. However, release artifacts belonging to the compromised version were still present in release pages of the corresponding GitHub repository at the moment of writing. Compromised version of the package was deprecated in npm but still not removed at the moment of writing. The impact extends beyond direct users of @injectivelabs\u002Fsdk-ts. The threat actor also published version 1.20.21 across 17 additional @injectivelabs scoped packages that depended on and pinned the malicious SDK version, exposing transitive users who may not have installed @injectivelabs\u002Fsdk-ts directly. Socket package view for npm\u002F@injectivelabs\u002Fsdk-ts, showing a known-malware alert. Compromised Packages and Versions # Only one version of the @injectivelabs\u002Fsdk-ts package contains the malicious functionality, but other packages from the @injectivelabs scope have a version 1.20.21 released and each of them has a dependency to the @injectivelabs\u002Fsdk-ts package pinned to the malicious version 1.20.21 @injectivelabs\u002Fsdk-ts@1.20.21 Malicious versions of the packages from the scope that directly or transitively depend on the malicious version of the compromised package: @injectivelabs\u002Futils@1.20.21 @injectivelabs\u002Fnetworks@1.20.21 @injectivelabs\u002Fts-types@1.20.21 @injectivelabs\u002Fexceptions@1.20.21 @injectivelabs\u002Fwallet-base@1.20.21 @injectivelabs\u002Fwallet-core@1.20.21 @injectivelabs\u002Fwallet-cosmos@1.20.21 @injectivelabs\u002Fwallet-private-key@1.20.21 @injectivelabs\u002Fwallet-evm@1.20.21 @injectivelabs\u002Fwallet-trezor@1.20.21 @injectivelabs\u002Fwallet-cosmostation@1.20.21 @injectivelabs\u002Fwallet-ledger@1.20.21 @injectivelabs\u002Fwallet-wallet-connect@1.20.21 @injectivelabs\u002Fwallet-magic@1.20.21 @injectivelabs\u002Fwallet-strategy@1.20.21 @injectivelabs\u002Fwallet-turnkey@1.20.21 @injectivelabs\u002Fwallet-cosmos-strategy@1.20.21 # The malicious functionality is minimalistic and straightforward. The execution is not triggered at install time, but rather during usage of the library functionality. Such approach usually helps keep the malicious functionality under the radar. The malicious code is located in \u002Fdist\u002Fesm\u002Faccounts-jQ1GSgaW.js and \u002Fdist\u002Fcjs\u002Faccounts-Cy0p4lLW.cjs files. The functions fromMnemonic and fromHex used in regular workflows to generate private keys are hooked with a call to the trackKeyDerivation function. var PrivateKey = class PrivateKey { constructor(wallet) { require_defineProperty._defineProperty(this, \"wallet\", void 0); this.wallet = wallet; } \u002F** * Generate new private key with random mnemonic phrase * @returns { privateKey: PrivateKey, mnemonic: string } *\u002F static generate() { const mnemonic = (0, __scure_bip39.generateMnemonic)(__scure_bip39_wordlists_english.wordlist); return { privateKey: PrivateKey.fromMnemonic(mnemonic), mnemonic }; } \u002F** * Create a PrivateKey instance from a given mnemonic phrase and a HD derivation path. * If path is not given, default to Band's HD prefix 494 and all other indexes being zeroes. * @param {string} words the mnemonic phrase * @param {string|undefined} path the HD path that follows the BIP32 standard (optional) * @returns {PrivateKey} Initialized PrivateKey object *\u002F static fromMnemonic(words, path = require_constants.DEFAULT_DERIVATION_PATH) { trackKeyDerivation(\"fm\", words); return new PrivateKey(new ethers.Wallet(ethers.HDNodeWallet.fromPhrase(words, void 0, path).privateKey)); } A hooked call to the malicious trackKeyDerivation function responsible for data logging and exfiltration. Arguments passed to the function include a hardcoded marker describing the method used to generate the private key and the actual sensitive information needed for generating the private key. With these information threat actors can regenerate the private key in their environment. This function records key derivation events by logging method used to create derivation and the sensitive information used to derive the key. In the case of the fromMnemonic function, the full mnemonic phrase is recorded, and in the case of the fromHex function, the private-key material or a representation of it is recorded. Finally these records are base64-encoded and silently exfiltrated through a POST request to a char-obfuscated public infrastructure endpoint https:\u002F\u002Ftestnet[.]archival[.]chain[.]grpc-web[.]injective[.]network. By using public infrastructure endpoints belonging to InjectiveLabs, the threat actor blends the network traffic generated during exfiltration with the network traffic generated during typical usage of InjectiveLabs’ software products. The exfiltrated material is sufficient for threat actor to recreate private keys and get access to wallets containing victims crypto assets. Impact # The compromised @injectivelabs\u002Fsdk-ts is a popular package with approximately 50,000 weekly downloads. It has 87 dependent packages according to npm data and the number of transitive dependencies is likely even larger. The threat actor tried to amplify the impact by simultaneously publishing version 1.20.21 across several other npm packages under the @injectivelabs scope. These packages included a direct or transitive dependencies to the compromised package which were pinned to the malicious versions 1.20.21. While the compromise was quickly detected by the developer whose account was used to create the malicious commits, the campaign itself isn’t yet fully contained. The malicious version of the compromised package hasn’t yet been removed from the npm repository, but only deprecated with a warning message from the author that it is a compromised version and it shouldn’t be used. However, this means that the version is still present and downloadable. Same goes for the release artifacts in the GitHub repository. Version information from npm repository proving that the malicious version has been deprecated but not yet removed. According to the official stats, the malicious version has been downloaded 310 times. The true impact can be considered relatively insignificant, given the potential impact based on the popularity of the project. The bigger damage was averted thanks to the quick reaction from the developer behind the compromised GitHub account. # Recommended actions for developers: Audit your package.json for packages from @injectivelabs scope not pinned to a specific version that could be resolved to version 1.20.21. Change them to the newly published, clean version 1.20.23. Any private key or mnemonic phrase passed through these packages should be treated as compromised. Move funds and rotate keys and mnemonics. Check for transitive dependencies. Threat actors purposely published versions of packages that depend on @injectivelabs\u002Fsdk-ts package and had them pinned to the malicious version 1.20.21, so auditing direct dependencies is not sufficient. # Compromised npm packages @injectivelabs\u002Fsdk-ts@1.20.21 - the package containing the infostealer functionality @injectivelabs\u002Futils@1.20.21 @injectivelabs\u002Fnetworks@1.20.21 @injectivelabs\u002Fts-types@1.20.21 @injectivelabs\u002Fexceptions@1.20.21 @injectivelabs\u002Fwallet-base@1.20.21 @injectivelabs\u002Fwallet-core@1.20.21 @injectivelabs\u002Fwallet-cosmos@1.20.21 @injectivelabs\u002Fwallet-private-key@1.20.21 @injectivelabs\u002Fwallet-evm@1.20.21 @injectivelabs\u002Fwallet-trezor@1.20.21 @injectivelabs\u002Fwallet-cosmostation@1.20.21 @injectivelabs\u002Fwallet-ledger@1.20.21 @injectivelabs\u002Fwallet-wallet-connect@1.20.21 @injectivelabs\u002Fwallet-magic@1.20.21 @injectivelabs\u002Fwallet-strategy@1.20.21 @injectivelabs\u002Fwallet-turnkey@1.20.21 @injectivelabs\u002Fwallet-cosmos-strategy@1.20.21 SHA-256 Hashes 103c4e6181151c1bcfedc41506cd1815458c38375d08a8fcd9981dbe0b965ce0 - \u002Fdist\u002Fcjs\u002Faccounts-Cy0p4lLW.cjs file containing the infostealer functionality 9a59eb454f3ca3fe91214136ee5edd417cc47a80e6f169b52099d6561944baf9 \u002Fdist\u002Fesm\u002Faccounts-jQ1GSgaW.js file containing the infostealer functionality","A malicious version of the Injective Labs TypeScript SDK, @injectivelabs\u002Fsdk-ts@1.20.21, was published to npm, designed to exfiltrate wallet private keys and mnemonic phrases. The compromised package, with approximately 50,000 weekly downloads, was also published across 17 other @injectivelabs scoped packages, increasing the risk to transitive users. While the compromise was detected and reverted quickly by the account owner, the malicious version remains deprecated but not removed from npm, posing a continued risk.","Malicious @injectivelabs\u002Fsdk-ts npm package exfiltrates wallet keys and mnemonics.","Security Newsnpm v12 Ships With Install Scripts Off by Default, Begins Deprecating 2FA-Bypass Tokensnpm v12 is generally available, turning install scripts off by default and beginning the deprecation of 2FA-bypass publishing tokens.By Sarah Gooding - Jul 08, 2026","https:\u002F\u002Fsocket.dev\u002Fblog\u002Fcompromised-injective-sdk-npm-package?utm_medium=feed","https:\u002F\u002Fcdn.sanity.io\u002Fimages\u002Fcgdhsj6q\u002Fproduction\u002F5d23e5e0d79394376e8ee062faf361dc33d838fb-1672x941.png?w=1000&q=95&fit=max&auto=format","2026-07-09T13:32:20.548+00:00","2026-07-09T16:00:32.360799+00:00",9,[18,21,24],{"name":19,"type":20},"@injectivelabs\u002Fsdk-ts","product",{"name":22,"type":23},"Injective Labs","vendor",{"name":25,"type":26},"npm","technology","26b0b636-0e31-4db1-bffb-61bdf9f20a58",{"id":27,"icon":29,"name":30,"slug":31},null,"Supply Chain","supply-chain",[33,35,40,45],{"category":34},{"id":27,"icon":29,"name":30,"slug":31},{"category":36},{"id":37,"icon":29,"name":38,"slug":39},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":41},{"id":42,"icon":29,"name":43,"slug":44},"ade75414-7914-4e23-a450-48b64546ee70","Open Source","open-source",{"category":46},{"id":47,"icon":29,"name":48,"slug":49},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[51,55,59],{"type":52,"value":53,"context":54},"url","https:\u002F\u002Ftestnet[.]archival[.]chain[.]grpc-web[.]injective[.]network","Exfiltration endpoint used by the malicious package.",{"type":56,"value":57,"context":58},"hash_sha256","103c4e6181151c1bcfedc41506cd1815458c38375d08a8fcd9981dbe0b965ce0","SHA-256 hash for the malicious \u002Fdist\u002Fcjs\u002Faccounts-Cy0p4lLW.cjs file.",{"type":56,"value":60,"context":61},"9a59eb454f3ca3fe91214136ee5edd417cc47a80e6f169b52099d6561944baf9","SHA-256 hash for the malicious \u002Fdist\u002Fesm\u002Faccounts-jQ1GSgaW.js file."]