Injective SDK on npm infected with cryptocurrency wallet stealer
The Injective SDK, a JavaScript library for interacting with the Injective blockchain, was compromised on the npm package registry. A malicious version of the package was uploaded that contains a cryptocurrency wallet stealer. The malware is designed to steal private keys and other sensitive data from cryptocurrency wallets. Developers who installed the compromised package may have exposed their wallet credentials. The incident highlights ongoing security risks in the open-source software supply chain, particularly for packages related to cryptocurrency and blockchain technology.
// why it matters
Developers using the Injective SDK may have had their cryptocurrency wallet credentials stolen.