Investment
Features
FeesSafety
Academy
More
Pluang+

Malicious Injective Labs SDK compromised, risking crypto wallets via stolen developer credentials

Market News
10 Jul 2026
AMBCrypto
View Source
Bearish
pluang ai news

Attackers hijacked a trusted Injective Labs software package on npm by accessing a contributor's GitHub account and injecting malware. The compromised SDK stole private keys and seed phrases from developers' wallets, affecting over 50,000 weekly downloads and spreading through 17 dependent packages. Although a clean version was released, the malicious package remains accessible, urging users to rotate credentials and move funds to new wallets. This incident highlights growing risks in software supply chains and coincides with a separate $20 million crypto hack at BonkDAO.

More News (INJ)

banner-footerbanner-footer

Invest & Trade with
#1 Award-Winning Investment Super App