Flash News
Injective npm Package Maliciously Modified
Security company Socket discovered that the Injective blockchain @injectivelabs/sdk-ts npm package was maliciously tampered with.
Attackers compromised the developer's GitHub account to implant code that steals wallet private keys and mnemonic phrases, encoding the data and sending it to a disguised server. The package has approximately 50,000 weekly downloads, with the malicious version 1.20.21 appearing on June 8.
Injective CEO Eric Chen stated that the issue has been resolved, the affected version has been deprecated, and network funds are safe. However, the malicious package has been downloaded over 310 times and has locked 17 other packages. Socket warns that the attack has not been fully contained.
Source: Public Information
ABAB AI Insight
Source
·ABAB News·
2 min read
·1d ago