fintech · BleepingComputer
Hackers compromised a GitHub account associated with the Injective Labs SDK project and published a malicious version (1.20.21) of the @injectivelabs/sdk-ts package on npm. The package, which has approximately 50,000 weekly downloads and is used to build cryptocurrency wallets, trading bots, and DeFi applications, contained malware that captures wallet private keys and mnemonic seed phrases when developers call SDK functions for key generation or import. The malware encodes the stolen data in base64 and exfiltrates it via HTTP POST requests. Security researchers detected the attack on June 8, the legitimate account owner reverted changes within minutes and released version 1.20.23, but the malicious version was downloaded approximately 310 times before deprecation. The malicious GitHub artifacts remain available, and the malware's 87 direct npm dependencies had a cumulative download count exceeding 112,000.
For Omniware's buyers, this incident underscores critical supply-chain risk in dependency management. SaaS startups and fintech firms integrating third-party SDKs should audit their dependency trees and implement software composition analysis (SCA) tools to detect compromised packages. Defense contractors and organizations handling sensitive data should enforce strict controls around npm package pinning, signature verification, and code review of transitive dependencies. Teams should also establish incident response procedures for compromised build environments—if developers' machines fetched the malicious package, credential rotation across all environments is essential. An Omniware engagement can scope dependency governance and supply-chain resilience strategies tailored to your compliance posture.
Source: BleepingComputer - https://www.bleepingcomputer.com/news/security/injective-sdk-on-npm-infected-with-cryptocurrency-wallet-stealer/
Source: BleepingComputer
All briefings