Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Article summary
Quick briefing — cleaned from the original RSS feed
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
1Key Takeaways
- Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.
- The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets.
2AIWedia Score
8.4/10
High relevance — worth your attention today
Based on source trust, recency, category impact, and story depth.
3Why it matters
Open-source releases can democratize capabilities and pressure proprietary pricing. The Hacker News reports that unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.
Explore related
Browse toolsRelated tools
Open Source AI news
Explore curated open source ai tools on AIWedia — compare, rank, and launch from our directory.
Full story on The Hacker News
Read full articleHeadlines aggregated via RSS for discovery on AIWedia. Original content © The Hacker News. We link to the source and do not republish full articles.
