Crypto Key Stealer Hidden in Usage Telemetry Hits Injective SDK
Attackers compromised a maintainer's GitHub account to inject wallet-stealing malware disguised as telemetry into the official Injective SDK on npm.
On July 9, 2026, a supply chain attack compromised the @injectivelabs/sdk-ts package on npm, transforming the official Injective SDK into a mechanism for cryptocurrency credential theft. Attackers hijacked a legitimate contributor’s GitHub account to inject malicious code disguised as usage telemetry. Instead of collecting performance metrics, the payload scanned developer environments for mnemonic seed phrases and private keys, routing them directly to an external server.
The malicious commits began on June 8, 2026. The attackers waited a month before publishing the primary compromised version, v1.20.21, shortly before its discovery. Maintainers detected the anomaly within minutes, reverted the unauthorized changes, and pushed a clean release. Despite the rapid response, the malicious GitHub release artifacts remained accessible online for a short window.
Bypassing Default Protections
The malware execution strategy specifically accounted for recent ecosystem security upgrades. The npm v12 release on July 8, 2026, introduced stricter defaults, including disabling automatic install scripts. Because this payload was embedded directly within the functional SDK code rather than a pre-install or post-install script, it executed cleanly when developers imported the library.
The function masqueraded as routine telemetry gathering. Once invoked, it executed environment traversal looking for standard wallet configuration files and local memory structures containing unencrypted key material. This approach mirrors the recent Miasma worm stealing cloud keys by relying on developer trust in legitimate library calls rather than exploiting a software vulnerability.
Infection Scope and Transitive Reach
While the compromised version was deprecated quickly, the blast radius of npm supply chain attacks scales heavily through dependencies. The SDK averages 50,000 weekly downloads and serves as a foundational library for Layer-1 DeFi protocol development.
To maximize distribution, the attacker published version 1.20.21 for 17 additional packages associated with Injective Labs. They pinned all of these secondary packages to the infected SDK version.
| Metric | Volume |
|---|---|
| Primary Malicious Version | 1.20.21 |
| Clean Version | 1.20.23 |
| Direct Malicious Downloads | 310 |
| Direct npm Dependencies | 87 packages |
| Cumulative Transitive Downloads | 112,000+ |
Security researchers at OX Security, Socket, and StepSecurity mapped the dependency tree. They found 87 external npm packages directly rely on the SDK. The transitive reach across those dependent packages exceeds 112,000 downloads, leaving many downstream projects temporarily exposed even if they did not directly import the primary Injective package. Similar to the LiteLLM PyPI package compromise, automated dependency updates likely pulled the malicious code into active continuous integration pipelines before the deprecation propagated.
If you build decentralized exchanges, trading bots, or wallet applications using the Injective ecosystem, update your lockfiles to enforce @injectivelabs/sdk-ts version 1.20.23 immediately. You must assume any private keys, mnemonic phrases, or deployment credentials present in environments that executed version 1.20.21 are compromised and require immediate rotation.
Get Insanely Good at AI
The book for developers who want to understand how AI actually works. LLMs, prompt engineering, RAG, AI agents, and production systems.
Keep Reading
How to Cut CPU Costs with Cloudflare Workers Cache
You will learn how to configure Cloudflare Workers Cache to serve responses directly from entrypoints, handle invalidations, and partition cache keys.
PyTorch Lightning 2.6.2 Drops Self-Spreading Credential Stealer
Threat actors hijacked the PyPI credentials for PyTorch Lightning to publish two malicious versions containing a self-propagating credential stealer.
AI Prompt Injection Masks Malware in 19 PyPI Science Packages
The Hades supply chain campaign compromised 19 bioinformatics and Graph ML libraries on PyPI with memory scrapers and AI scanner misdirection.
OIDC Theft Enables Signed Malware in TanStack and Mistral
The TeamPCP threat group deployed the Mini Shai-Hulud worm to steal OIDC tokens and publish malicious, signed packages across the npm and PyPI registries.
Malicious element-data Release Steals Cloud API Credentials
A supply-chain attack on the popular element-data Python package exposed cloud provider keys and warehouse credentials for roughly 12 hours.