Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

injective-labs-github-compromise-pushes-wallet-key-stealing-npm-packages
Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Ravie LakshmananJul 10, 2026Software Supply Chain / Malware

Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.

The compromised version, @injectivelabs/sdk-ts@1.20.21, came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was released on July 8, 2026, but has since been deprecated on the registry. That said, the release artifacts belonging to the compromised version are still available for download from GitHub as of writing.

“The malicious functionality was introduced to the project’s official GitHub repository through commits submitted by a GitHub account belonging to a developer with an established history of contributions to the repository,” Socket said.

The software supply chain security firm said the threat actor behind the attack also published version 1.20.21 across 17 additional @injectivelabs scoped packages that depended on and pinned the malicious SDK version, thereby putting transitive users who may not have installed the library directly. This includes –

  • @injectivelabs/utils
  • @injectivelabs/networks
  • @injectivelabs/ts-types
  • @injectivelabs/exceptions
  • @injectivelabs/wallet-base
  • @injectivelabs/wallet-core
  • @injectivelabs/wallet-cosmos
  • @injectivelabs/wallet-private-key
  • @injectivelabs/wallet-evm
  • @injectivelabs/wallet-trezor
  • @injectivelabs/wallet-cosmostation
  • @injectivelabs/wallet-ledger
  • @injectivelabs/wallet-wallet-connect
  • @injectivelabs/wallet-magic
  • @injectivelabs/wallet-strategy
  • @injectivelabs/wallet-turnkey
  • @injectivelabs/wallet-cosmos-strategy

The malware present within the package is fairly simple and straightforward, which gets triggered when the library functionality is used by an unsuspecting developer. By avoiding lifecycle scripts and not launching it during the installation phase, it helps the malware fly under the radar.

Specifically, the poisoned version has been found to modify legitimate functions used in workflows to generate private keys by invoking a “trackKeyDerivation()” function under the guise of collecting anonymized usage metrics for SDK optimization.

“Tracks which key derivation methods are used (hex vs mnemonic) and derives timing patterns to help the SDK team identify performance bottlenecks and understand adoption of different key formats across the ecosystem,” reads the description of the supposed telemetry function. “All metrics are fire-and-forget and never block or affect key derivation.”

According to Socket, parameters passed to the function include a hard-coded marker describing the method used to generate the private key and the actual sensitive information needed for generating the private key. The captured material is enough for the threat actor to regenerate the private key at their end.

“The malware adds crypto wallet stealing logic to a crypto wallet package, every time a legitimate user creates or uses the logic that reads mnemonic phrases – which are basically the master key for any crypto wallet, the malware reads them and sends them to the remote server,” OX Security said.

In an attempt to reduce the number of outbound requests, the exfiltration mechanism is designed to append multiple key derivations over a two-second window into a single queue and then send them in the form of an HTTPS POST request to an external server (“testnet.archival.chain.grpc-web.injective[.]network”) in a single beacon.

StepSecurity noted the malicious release was facilitated through the repository’s own trusted-publisher (OIDC) pipeline, adding that the malicious commits were authored and pushed under the identity of an existing, trusted maintainer (“thomasRalee”).

Users who have installed the malicious version are recommended to update to the newly published, clean version of the package (1.20.23), treat any private key or mnemonic phrase passed through the package as compromised and rotate them, and check for transitive dependencies.

Found this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.

Leave a Reply

Your email address will not be published. Required fields are marked *