S&P 5007,543.64▲0.8% Nasdaq26,206.89▲1.3% Dow52,487.41▲0.3% Russell 2K2,992.54▲1.2% 10-Yr4.54%−3bp VIX15.84−1.06 WTI$71.84▼2.3% Gold$4,131.40▲1.5% EUR/USD1.144▲0.3% BTC$64,013▲2.8% Nikkei66,819▼2.1%
At close · Thu, Jul 9, 2026
Daily Market Updates.

Crypto

HomeCryptoRegulationHackers backdoored Injective npm package to steal wall…

Hackers backdoored Injective npm package to steal wallet keys

Socket says a malicious change to an Injective SDK package, pinned across multiple npm libraries, targeted wallet key derivation to capture and exfiltrate seed phrases and private keys before the code was removed.

Cointelegraph reports that attackers compromised a widely used Injective-related npm package in a supply chain attack, aiming to steal crypto wallet private keys and seed phrases.

According to Cointelegraph, security firm Socket said the malicious modification was found in version 1.20.21 of the @injectivelabs/sdk-ts npm package, which has about 50,000 weekly downloads and is used by developers building on the Injective blockchain.

Socket also said suspicious commits began on June 8 and that the altered package was pinned across 17 other packages in the Injective Labs npm scope, potentially exposing users who did not install the SDK directly.

Cointelegraph added that the malicious code hooked into normal wallet key generation functions, recorded seed phrases and private keys, and exfiltrated them through fake telemetry, with the code later removed.

More like this

Sources

Get the close, explained.

One email every trading day: what moved, why it moved, and what's on deck tomorrow. Read in 3 minutes.

Free. Unsubscribe anytime.