Injective Labs GitHub Compromise Distributes Malicious npm Package Targeting Crypto Wallet Keys
itsecuritynews.info Jul 12, 2026

Injective Labs GitHub Compromise Distributes Malicious npm Package Targeting Crypto Wallet Keys

AI-summarised brief · reviewed before publication

Cybersecurity researchers identified a sophisticated supply chain attack targeting Injective Labs, where threat actors compromised a trusted maintainer’s GitHub account to distribute a malicious npm package. The backdoored @injectivelabs/sdk-ts version 1.20.21 was published on July 8, 2026, and later deprecated, though distribution channels remained active. The malware, disguised as performance telemetry, targeted cryptographic functions within wallet generation features. Unlike typical install-time malware, it exfiltrated mnemonic seed phrases and private keys only when developers utilized specific SDK functions. Attackers aggregated data exfiltration into single encrypted HTTPS sessions to evade detection. The compromise affected seventeen related packages, including utility and networking modules, potentially impacting developers who did not directly install the SDK. Researchers confirmed the threat intercepted master recovery phrases, granting adversaries full access to wallet funds. Injective Labs released version 1.20.23 to mitigate the vulnerability. Security experts advise developers to update immediately and review their private key management practices to prevent unauthorized access to blockchain assets.

💡 Why It Matters

  • · By hijacking legitimate OpenID Connect publishing pipelines, attackers bypassed traditional security checks, proving that trusted infrastructure is a critical vulnerability in software supply chains.
  • · This stealthy, usage-triggered exfiltration method renders standard installation-time malware detection ineffective, forcing developers to rethink how they verify cryptographic dependencies.