Crypto Prices

Injective SDK Compromise Exposes Wallet Data Through Malicious Update

13 hours ago
1 min read
3 views

Critical Breach in Developer Package

A critical breach involving a developer package associated with Injective has raised alarms in the crypto community, exposing sensitive wallet data after being downloaded on over 300 occasions. Security experts from Socket recently discovered that the npm package, version 1.20.21, which usually garners around 50,000 downloads weekly, was compromised following unauthorized access to a developer’s GitHub account.

Details of the Compromise

Notably, the script was tampered with beginning June 8, leading to the malicious version being linked to 17 other packages under the Injective Labs namespace. The altered code was designed to hijack key-generation functions for wallets, capturing both private keys and recovery phrases. This sensitive information was then encoded and transmitted through what appeared to be legitimate telemetry to a spoofed web address mimicking an Injective server.

“Any mnemonic phrases or keys processed through the affected packages should be considered at risk,” Socket advised, emphasizing that applications may have been exposed even if they did not directly utilize the Software Development Kit (SDK).

Response from Injective

In response to this incident, Injective’s CEO Eric Chen confirmed that the compromised npm releases have been deprecated and that the vulnerabilities have been addressed. While the malicious version has been removed, Socket cautioned that the threat is not completely eradicated. Chen reassured users that funds on the Injective network remain secure, although Socket has not indicated whether the attack resulted in any theft of assets.

Shift in Attack Strategies

The attack represents a shift away from targeting a blockchain’s cryptographic defenses or smart contracts, focusing instead on the development tools employed for creating wallets, exchanges, and other applications. A recent threat report from the Security Alliance has highlighted a growing trend where attackers exploit platforms such as GitHub and npm to distribute malware. They noted alarming examples where compromised machines were leveraged to inject malicious code into corporate GitHub repositories, thereby creating vectors for broader attacks.

The report also cited an increase in cross-platform malware that integrates infostealers, remote access trojans, and backdoors, particularly with campaigns aimed at macOS users gaining traction.

Historical Context and Financial Impact

Earlier in 2023, the Axios npm releases fell victim to a similar supply-chain assault in March, while the TrapDoor initiative, discovered in May, sought to compromise developers involved in cryptocurrency, decentralized finance (DeFi), artificial intelligence, and cybersecurity sectors. Moreover, GitHub reported unauthorized access to internal repositories due to compromised employee devices in May.

As a result of such vulnerabilities, wallet compromises became the most financially damaging method in cryptocurrency-related attacks during the first half of 2026, accounting for a staggering $444 million loss across 33 incidents, as per CertiK’s findings.

On another note, Injective has witnessed a significant decline in its total value locked, plummeting 88% from a peak of $71 million in mid-2024, now standing at just $8.2 million, according to data from DefiLlama. Earlier this year, community members took action by approving IIP-617, aimed at accelerating the reduction of new INJ issuance while maintaining existing token burn levels.