Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Summary

Threat actors compromised the Injective Labs SDK project's GitHub repository, publishing a malicious npm package designed to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised package, @injectivelabs/sdk-ts@1.20.21, contained fake telemetry functionality to exfiltrate sensitive wallet data.

IFF Assessment

FOE

This incident highlights a new supply chain attack vector targeting cryptocurrency users, posing a direct threat to their assets and funds.

Defender Context

This incident serves as a stark reminder of the persistent threat of supply chain attacks, particularly within the cryptocurrency ecosystem. Defenders should be vigilant about the integrity of software dependencies and monitor for suspicious package updates, especially in projects handling sensitive financial data. Users should exercise caution when updating libraries and ensure they are fetching from trusted sources.

Read Full Story →