Ai Engineering 3 min read

Crypto Key Stealer Hidden in Usage Telemetry Hits Injective SDK

Attackers compromised a maintainer's GitHub account to inject wallet-stealing malware disguised as telemetry into the official Injective SDK on npm.

On July 9, 2026, a supply chain attack compromised the @injectivelabs/sdk-ts package on npm, transforming the official Injective SDK into a mechanism for cryptocurrency credential theft. Attackers hijacked a legitimate contributor’s GitHub account to inject malicious code disguised as usage telemetry. Instead of collecting performance metrics, the payload scanned developer environments for mnemonic seed phrases and private keys, routing them directly to an external server.

The malicious commits began on June 8, 2026. The attackers waited a month before publishing the primary compromised version, v1.20.21, shortly before its discovery. Maintainers detected the anomaly within minutes, reverted the unauthorized changes, and pushed a clean release. Despite the rapid response, the malicious GitHub release artifacts remained accessible online for a short window.

Bypassing Default Protections

The malware execution strategy specifically accounted for recent ecosystem security upgrades. The npm v12 release on July 8, 2026, introduced stricter defaults, including disabling automatic install scripts. Because this payload was embedded directly within the functional SDK code rather than a pre-install or post-install script, it executed cleanly when developers imported the library.

The function masqueraded as routine telemetry gathering. Once invoked, it executed environment traversal looking for standard wallet configuration files and local memory structures containing unencrypted key material. This approach mirrors the recent Miasma worm stealing cloud keys by relying on developer trust in legitimate library calls rather than exploiting a software vulnerability.

Infection Scope and Transitive Reach

While the compromised version was deprecated quickly, the blast radius of npm supply chain attacks scales heavily through dependencies. The SDK averages 50,000 weekly downloads and serves as a foundational library for Layer-1 DeFi protocol development.

To maximize distribution, the attacker published version 1.20.21 for 17 additional packages associated with Injective Labs. They pinned all of these secondary packages to the infected SDK version.

MetricVolume
Primary Malicious Version1.20.21
Clean Version1.20.23
Direct Malicious Downloads310
Direct npm Dependencies87 packages
Cumulative Transitive Downloads112,000+

Security researchers at OX Security, Socket, and StepSecurity mapped the dependency tree. They found 87 external npm packages directly rely on the SDK. The transitive reach across those dependent packages exceeds 112,000 downloads, leaving many downstream projects temporarily exposed even if they did not directly import the primary Injective package. Similar to the LiteLLM PyPI package compromise, automated dependency updates likely pulled the malicious code into active continuous integration pipelines before the deprecation propagated.

If you build decentralized exchanges, trading bots, or wallet applications using the Injective ecosystem, update your lockfiles to enforce @injectivelabs/sdk-ts version 1.20.23 immediately. You must assume any private keys, mnemonic phrases, or deployment credentials present in environments that executed version 1.20.21 are compromised and require immediate rotation.

Get Insanely Good at AI

Get Insanely Good at AI

The book for developers who want to understand how AI actually works. LLMs, prompt engineering, RAG, AI agents, and production systems.

Keep Reading