The developer ecosystem surrounding Injective has become the latest target of a serious software supply chain attack. Cybersecurity firm Socket discovered that a compromised version of the @injectivelabs/sdk-ts package contained malicious code capable of secretly transmitting wallet private keys and recovery seed phrases to servers controlled by attackers.
The incident highlights a growing trend in the crypto industry, where hackers are increasingly targeting developer tools instead of attacking blockchains or smart contracts directly.
Malicious update intercepted sensitive wallet data
According to Socket, version 1.20.21 of the @injectivelabs/sdk-ts package was compromised. The software development kit is widely used by developers and typically records tens of thousands of downloads each week.
Investigators found that attackers gained access to a developer's GitHub account before injecting malicious code into the package. Suspicious commits first appeared in early June and were later propagated across multiple additional packages within the Injective ecosystem.
The malware intercepted wallet generation functions, captured private keys and recovery seed phrases, encrypted the collected information, and transmitted it through fake telemetry requests to a server designed to resemble legitimate Injective infrastructure.
Security researchers warned that any private keys or mnemonic phrases processed by the compromised packages should be considered exposed. The risk was not limited to applications that directly installed the SDK, as projects relying on affected dependencies could also have been impacted.
Although the malicious version was removed shortly after it was discovered, experts cautioned that the broader campaign may not yet be fully contained.
Injective CEO Eric Chen stated that the affected npm packages were outdated and that the issue has since been resolved. He also emphasized that neither the Injective blockchain nor user funds on the network were directly compromised. Socket has not confirmed whether the attack ultimately resulted in stolen crypto assets.
Developers are becoming a primary target
The attack reflects a broader shift toward software supply chain compromises within the cryptocurrency industry. Rather than attempting to exploit blockchain protocols themselves, attackers are increasingly focusing on development tools, package repositories, and software libraries used to build wallets, exchanges, and decentralized applications.
In its latest threat report, the Security Alliance (SEAL) warned that cybercriminals are making greater use of platforms such as GitHub, npm, and even Google search results to distribute malicious software.
In several cases, compromised developer machines were reportedly used to inject malicious code directly into corporate GitHub repositories, allowing attackers to spread malware through trusted software distribution channels. Researchers have also observed a rise in sophisticated campaigns combining information stealers, remote access trojans (RATs), backdoors, and malware specifically targeting macOS systems.
The Injective incident is not an isolated case. Earlier this year, compromised Axios npm packages and the large-scale TrapDoor campaign targeted developers working in cryptocurrency, DeFi, artificial intelligence, and cybersecurity. GitHub also disclosed unauthorized access to several internal repositories after a company employee's device was compromised.
According to blockchain security firm CertiK, wallet compromises became the costliest category of crypto attacks during the first half of 2026. Across 33 separate incidents, attackers stole approximately $444 million in digital assets, underscoring that securing developer infrastructure has become one of the industry's most critical cybersecurity challenges.
#CryptoSecurity ,
#CyberSecurity ,
#blockchain ,
#defi ,
#CryptoNews Stay one step ahead – follow our profile and stay informed about everything important in the world of cryptocurrencies.
Disclaimer:
The information and opinions presented in this article are for informational and educational purposes only and should not be considered financial or investment advice. Nothing on this page constitutes a recommendation to buy or sell any assets. Cryptocurrency investments are inherently risky and may result in financial loss. Always do your own research before making any investment decisions.