HACKERS COMPROMISED THE OFFICIAL
$INJ DEVELOPER KIT — 310 DOWNLOADS ⚠️
A backdoored version of Injective's SDK slipped in via a compromised GitHub account and stole wallet seed phrases and private keys during normal use. The payload went live for under an hour, spread across 18 npm packages, and was fetched 310 times before a fix landed.
If you or any project you interact with runs wallet software or bots built on Injective, that one-hour window could have leaked keys. The code quietly recorded secrets and shipped them to a server designed to look legitimate. Developers were told to treat any keys that touched those versions as compromised.
Are you checking which version your wallet or bot is running right now?
Not financial advice. Always manage your risk.
#INJ #SecurityAlert #SupplyChainAttack #CryptoWarning ⚡