Injective SDK Compromised to Steal Cryptocurrency Wallet Keys

Hackers compromised the Injective Labs SDK GitHub repository and published a malicious version 1.20.21 on npm that steals cryptocurrency wallet private keys and mnemonic seed phrases when developers use wallet generation or import functions. The attack involved compromising a legitimate contributor's GitHub account, with suspicious commits beginning June 8 and the malicious package downloaded 310 times before a clean version 1.20.23 was published. The malware captures mnemonics and private keys, encodes them in base64, and exfiltrates them via HTTP POST requests to an Injective Labs infrastructure endpoint to appear legitimate.

The attackers also published compromised versions for 17 other associated packages, all pinned to the malicious SDK. The package has 50,000 weekly downloads and 87 direct dependencies, with cumulative downloads across dependent packages exceeding 112,000. The malware queues stolen secrets for two seconds, bundling multiple keys and mnemonics in request headers before exfiltration. Socket notes the malicious GitHub release artifacts remain available despite deprecation, and the npm package was not removed. Developers who fetched the malicious version should transfer funds to new wallets and rotate all environment secrets. The legitimate contributor detected the compromise within minutes and reverted changes promptly.

Read more...

Read More

Got Something To Say?

Your email address will not be published.