CuraSec

Act active

Injective Labs GitHub Compromise Plants Wallet-Stealing npm Package

2026-07-11 11:49 UTC · The Hacker News · read the source ↗ #supply-chain#npm#credential-theft
  • Engineer — Act: Confirmed supply-chain attack: audit all dependency trees and package-lock files for @injectivelabs/sdk-ts@1.20.21; if found in any build artifact or runtime environment, treat wallet private keys and seed phrases as compromised and rotate immediately.
  • SOC/IR — Act: Sweep CI/CD build logs, container image layers, and package manifests across all repositories for @injectivelabs/sdk-ts version 1.20.21; any positive hit should trigger an incident investigation for outbound exfiltration from build environments.
  • Leader — Learn: A confirmed GitHub-to-npm supply-chain attack targeting crypto wallet credentials; worth referencing in supply-chain security policy discussions, and escalate to Act if the organization has products or vendors with Web3/DeFi dependencies.
This entry was curated and judged by AI (Claude) with automated enrichment (CISA KEV / EPSS / public PoC). Verify against the original source before acting. Found a bad verdict? Report it — confirmed errors go to the corrections log.