Investment
Features
FeesSafety
Academy
More
Pluang+

Malicious Injective npm package update exposed private keys to hackers over 300 times.

Market News
10 Jul 2026
Crypto news
View Source
Bearish
pluang ai news

A compromised update to the Injective developer npm package was downloaded over 300 times, exposing private keys and seed phrases through fake telemetry. The malicious code intercepted wallet key-generation functions and sent sensitive data to a fake server, affecting 17 related packages. Although the issue was quickly fixed and the malicious version removed, the security campaign is not fully contained. This attack highlights growing risks in developer tools used for blockchain applications, with wallet compromises causing $444 million in losses in early 2026.

More News (INJ)

banner-footerbanner-footer

Invest & Trade with
#1 Award-Winning Investment Super App