Dossier
Injective Labs
Coverage of Injective Labs in the Nexus archive.
- Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Unknown threat actors compromised the Injective Labs GitHub repository and published a malicious npm package to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised package, @injectivelabs/[email protected], included fake telemetry to exfiltrate wallet data.