Binance Square
#supplychainattack

supplychainattack

8,322 views
21 Discussing
PhoenixTraderpro
·
--
HACKERS COMPROMISED THE OFFICIAL $INJ DEVELOPER KIT — 310 DOWNLOADS ⚠️ A backdoored version of Injective's SDK slipped in via a compromised GitHub account and stole wallet seed phrases and private keys during normal use. The payload went live for under an hour, spread across 18 npm packages, and was fetched 310 times before a fix landed. If you or any project you interact with runs wallet software or bots built on Injective, that one-hour window could have leaked keys. The code quietly recorded secrets and shipped them to a server designed to look legitimate. Developers were told to treat any keys that touched those versions as compromised. Are you checking which version your wallet or bot is running right now? Not financial advice. Always manage your risk. #INJ #SecurityAlert #SupplyChainAttack #CryptoWarning ⚡
HACKERS COMPROMISED THE OFFICIAL $INJ DEVELOPER KIT — 310 DOWNLOADS ⚠️

A backdoored version of Injective's SDK slipped in via a compromised GitHub account and stole wallet seed phrases and private keys during normal use. The payload went live for under an hour, spread across 18 npm packages, and was fetched 310 times before a fix landed.

If you or any project you interact with runs wallet software or bots built on Injective, that one-hour window could have leaked keys. The code quietly recorded secrets and shipped them to a server designed to look legitimate. Developers were told to treat any keys that touched those versions as compromised.

Are you checking which version your wallet or bot is running right now?

Not financial advice. Always manage your risk.

#INJ #SecurityAlert #SupplyChainAttack #CryptoWarning

$INJ SDK COMPROMISED — 50,000 WEEKLY DOWNLOADS AFFECTED ⚠️ The @injectivelabs/sdk-ts npm package was maliciously modified after a developer's GitHub account was compromised. Version 1.20.21 contains code that steals wallet private keys and mnemonic phrases, encoding them to a disguised server. With roughly 50,000 weekly downloads and 17 other packages in the same scope also locked, this is a broad supply chain attack. Suspicious commits started June 8th. Have you audited your dependencies? Not financial advice. Always manage your risk. #INJ #SupplyChainAttack #CryptoSecurity #SecurityAlert ⚠️
$INJ SDK COMPROMISED — 50,000 WEEKLY DOWNLOADS AFFECTED ⚠️

The @injectivelabs/sdk-ts npm package was maliciously modified after a developer's GitHub account was compromised. Version 1.20.21 contains code that steals wallet private keys and mnemonic phrases, encoding them to a disguised server.

With roughly 50,000 weekly downloads and 17 other packages in the same scope also locked, this is a broad supply chain attack. Suspicious commits started June 8th. Have you audited your dependencies?

Not financial advice. Always manage your risk.

#INJ #SupplyChainAttack #CryptoSecurity #SecurityAlert

⚠️
30 MALICIOUS NPM PACKAGES TARGETING $ETH DEVELOPERS FOUND 🔥 A coordinated supply chain attack has been uncovered, using a fake trading bot repository and a DeFi-themed npm package to inject a JavaScript information stealer. The scope includes 30 malicious packages, with stake-math@3.5.4 pinned as a dependency in a repo that spawned roughly 2,300 nearly identical forks — a clear automation red flag. Sensitive data in the line of fire: wallet libraries, private keys, mnemonics, API tokens, and stored browser credentials. If you’ve run npm install recently on any project connected to DeFi or trading bots, your environment may already be compromised. Are you auditing your dependencies today? Not financial advice. Always manage your risk. #ETH #SecurityAlert #DeFi #SupplyChainAttack 🔥
30 MALICIOUS NPM PACKAGES TARGETING $ETH DEVELOPERS FOUND 🔥

A coordinated supply chain attack has been uncovered, using a fake trading bot repository and a DeFi-themed npm package to inject a JavaScript information stealer. The scope includes 30 malicious packages, with stake-math@3.5.4 pinned as a dependency in a repo that spawned roughly 2,300 nearly identical forks — a clear automation red flag.

Sensitive data in the line of fire: wallet libraries, private keys, mnemonics, API tokens, and stored browser credentials. If you’ve run npm install recently on any project connected to DeFi or trading bots, your environment may already be compromised. Are you auditing your dependencies today?

Not financial advice. Always manage your risk.

#ETH #SecurityAlert #DeFi #SupplyChainAttack

🔥
Polymarket Vendor Compromised — Attackers Drained $2.9M From Wallets A supply chain attack hit Polymarket over the weekend. A malicious script injected into the frontend drained roughly $2.9 million before the team shut it down. This is not a smart contract exploit. Attackers targeted Polymarket's software supply chain rather than core infrastructure. Supply chain attacks hide in trusted third-party code, making them harder to spot. Polymarket confirmed all affected users will receive full refunds. The team isolated the breach quickly. But the incident highlights how platforms relying on external services expose attack surfaces beyond smart contracts. Prediction markets have drawn massive attention this year. This breach tests whether platforms can maintain trust as they scale. Security audits of third-party dependencies may need to become standard practice. Should decentralized platforms audit their software dependencies more aggressively? The industry is watching. $BTC $ETH $SOL #Polymarket #SupplyChainAttack #Crypto
Polymarket Vendor Compromised — Attackers Drained $2.9M From Wallets

A supply chain attack hit Polymarket over the weekend. A malicious script injected into the frontend drained roughly $2.9 million before the team shut it down.

This is not a smart contract exploit. Attackers targeted Polymarket's software supply chain rather than core infrastructure. Supply chain attacks hide in trusted third-party code, making them harder to spot.

Polymarket confirmed all affected users will receive full refunds. The team isolated the breach quickly. But the incident highlights how platforms relying on external services expose attack surfaces beyond smart contracts.

Prediction markets have drawn massive attention this year. This breach tests whether platforms can maintain trust as they scale. Security audits of third-party dependencies may need to become standard practice.

Should decentralized platforms audit their software dependencies more aggressively? The industry is watching. $BTC $ETH $SOL
#Polymarket #SupplyChainAttack #Crypto
$INJ SDK BACKDOOR – 310 DOWNLOADS OF MALICIOUS CODE BEFORE FIX 🔥 A tainted version of Injective's core TypeScript package was live for under an hour on npm, silently exfiltrating wallet seed phrases and private keys. The malicious release spread across 18 packages and was downloaded 310 times before being pulled. Security firm Socket confirmed the compromise originated from a hijacked GitHub contributor account. The rogue code disguised itself as analytics and sent stolen keys to a server mimicking legitimate Injective infrastructure. Any key that passed through version 1.20.21 should be treated as compromised. Are your projects running the affected @injectivelabs/sdk-ts package? Not financial advice. Always manage your risk. #INJ #SecurityAlert #CryptoAlert #WalletSafety #SupplyChainAttack 🔥
$INJ SDK BACKDOOR – 310 DOWNLOADS OF MALICIOUS CODE BEFORE FIX 🔥

A tainted version of Injective's core TypeScript package was live for under an hour on npm, silently exfiltrating wallet seed phrases and private keys. The malicious release spread across 18 packages and was downloaded 310 times before being pulled.

Security firm Socket confirmed the compromise originated from a hijacked GitHub contributor account. The rogue code disguised itself as analytics and sent stolen keys to a server mimicking legitimate Injective infrastructure. Any key that passed through version 1.20.21 should be treated as compromised.

Are your projects running the affected @injectivelabs/sdk-ts package?

Not financial advice. Always manage your risk.

#INJ #SecurityAlert #CryptoAlert #WalletSafety #SupplyChainAttack

🔥
Log in to explore more content
Join global crypto users on Binance Square
⚡️ Get latest and useful information about crypto.
💬 Trusted by the world’s largest crypto exchange.
👍 Discover real insights from verified creators.
Email / Phone number