Skip to content
The Nexus
SECURITYJul 10 · 17:29 UTCTHE HACKER NEWS[email protected] (The Hacker News)

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Unknown threat actors compromised the Injective Labs GitHub repository and published a malicious npm package to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised package, @injectivelabs/[email protected], included fake telemetry to exfiltrate wallet data.

Nexus surfaces and summarizes. The full story lives at the source.

Mentioned
Spot something wrong with this article?Report a problem →
Forward this
Related Signal

Adjacent reporting