Crypto
Home›Crypto›Regulation›Hackers backdoored Injective npm package to steal wall…
Hackers backdoored Injective npm package to steal wallet keys
Socket says a malicious change to an Injective SDK package, pinned across multiple npm libraries, targeted wallet key derivation to capture and exfiltrate seed phrases and private keys before the code was removed.
Cointelegraph reports that attackers compromised a widely used Injective-related npm package in a supply chain attack, aiming to steal crypto wallet private keys and seed phrases.
According to Cointelegraph, security firm Socket said the malicious modification was found in version 1.20.21 of the @injectivelabs/sdk-ts npm package, which has about 50,000 weekly downloads and is used by developers building on the Injective blockchain.
Socket also said suspicious commits began on June 8 and that the altered package was pinned across 17 other packages in the Injective Labs npm scope, potentially exposing users who did not install the SDK directly.
Cointelegraph added that the malicious code hooked into normal wallet key generation functions, recorded seed phrases and private keys, and exfiltrated them through fake telemetry, with the code later removed.