Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Overview
Injective Labs' GitHub repository was compromised by unknown attackers who uploaded a malicious package to the npm registry. This malicious version, identified as @injectivelabs/sdk-ts@1.20.21, was designed to steal private keys and mnemonic seed phrases from cryptocurrency wallets. The attackers disguised the harmful code as telemetry functionality, tricking users into believing it was legitimate. This incident poses a significant risk to users of the Injective Labs SDK, as their sensitive information could be at risk of theft. Cryptocurrency users should be cautious and verify the integrity of packages before installation, especially those that seem to come from compromised sources.
Key Takeaways
- Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
- Affected Systems: @injectivelabs/sdk-ts@1.20.21
- Action Required: Users should avoid using the compromised package version and ensure they are using a secure version of the SDK.
- Timeline: Newly disclosed
Original Article Summary
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
Impact
@injectivelabs/sdk-ts@1.20.21
Exploitation Status
This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.
Timeline
Newly disclosed
Remediation
Users should avoid using the compromised package version and ensure they are using a secure version of the SDK. Regularly check for updates and verify package integrity before installation.
Additional Information
This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.