saas · TheHackerNews
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and published malicious npm packages designed to steal cryptocurrency wallet private keys and mnemonic seed phrases. The poisoned version @injectivelabs/sdk-ts@1.20.21, released July 8, 2026, contained fake telemetry functionality that exfiltrated sensitive wallet data. The attacker also published version 1.20.21 across 17 additional @injectivelabs-scoped packages, exposing transitive dependencies. The malware avoided detection by skipping installation-phase triggers and instead activating when legitimate key-derivation functions were called, sending captured credentials to an external server via HTTPS POST requests.
This incident underscores the risk of compromised open-source dependencies for SaaS platforms and fintech services. Any organization integrating Injective Labs packages—whether directly or as transitive dependencies—should audit their supply chain and validate package integrity. For SaaS teams relying on third-party npm modules, this highlights the need for strict dependency governance, lock-file management, and runtime monitoring of sensitive operations. Fintech and cryptocurrency-adjacent services face heightened exposure; an Omniware engagement can scope dependency-security controls and establish detection strategies aligned with your risk tolerance and compliance posture.
Source: The Hacker News - https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html
Source: TheHackerNews
All briefings