Act
active
Injective Labs GitHub Compromise Plants Wallet-Stealing npm Package
- Engineer — Act: Confirmed supply-chain attack: audit all dependency trees and package-lock files for @injectivelabs/sdk-ts@1.20.21; if found in any build artifact or runtime environment, treat wallet private keys and seed phrases as compromised and rotate immediately.
- SOC/IR — Act: Sweep CI/CD build logs, container image layers, and package manifests across all repositories for @injectivelabs/sdk-ts version 1.20.21; any positive hit should trigger an incident investigation for outbound exfiltration from build environments.
- Leader — Learn: A confirmed GitHub-to-npm supply-chain attack targeting crypto wallet credentials; worth referencing in supply-chain security policy discussions, and escalate to Act if the organization has products or vendors with Web3/DeFi dependencies.
This entry was curated and judged by AI (Claude) with automated enrichment
(CISA KEV / EPSS / public PoC). Verify against the original source before
acting. Found a bad verdict?
Report it —
confirmed errors go to the corrections log.