Attackers compromised the GitHub repository for Injective Labs, a cryptocurrency infrastructure project, and used the access to publish a trojanized npm package designed to steal private wallet keys and mnemonic seed phrases from developers.
The malicious package, @injectivelabs/sdk-ts version 1.20.21, contained fake telemetry code that exfiltrated sensitive cryptocurrency wallet data when installed as a dependency. This supply chain attack exploited the trust developers place in established open-source projects to distribute credential-stealing malware.
Injective Labs SDK is a TypeScript library widely used by developers building applications on the Injective blockchain network. The compromised repository gave attackers the ability to inject malicious code directly into the published npm package, reaching any developer who installed or updated to the affected version.
The fake telemetry module functioned as a wrapper around legitimate wallet operations, allowing attackers to intercept and transmit private keys and seed phrases to attacker-controlled infrastructure. This approach is particularly effective because developers often trust telemetry functions in open-source projects without scrutinizing the underlying code.
This attack exemplifies the increasing targeting of cryptocurrency development tools. Threat actors recognize that compromising developer dependencies yields high-value targets. A single trojanized package reaches hundreds or thousands of downstream users, potentially exposing millions in cryptocurrency holdings.
Organizations and individual developers using Injective Labs SDK should immediately audit their dependency versions and regenerate any cryptocurrency wallet keys that may have been compromised. Security teams should review package installation logs to identify exposure windows. npm has likely removed the malicious version, but developers must verify their current SDK versions match secure releases.
The incident underscores the fragility of open-source supply chains in cryptocurrency development. GitHub repository compromises, regardless of how they occur, represent a critical vector for distributing malware at scale. Projects handling cryptographic credentials require height
