Hackers Attempt to Backdoor Injective npm Package to Steal Crypto Wallet Keys

Published:

A suspected software supply chain attack briefly compromised an npm package used by developers building on the Injective blockchain, exposing cryptocurrency wallet credentials to potential theft. Security researchers identified a malicious version of the Injective SDK that secretly collected private keys and mnemonic seed phrases through code disguised as routine telemetry. The incident highlights the growing threat that software package compromises pose to cryptocurrency projects and decentralized application developers.

The affected package appeared legitimate because it was distributed through the official npm ecosystem, making it difficult for developers to recognize the malicious changes before installation. Experts warned that anyone who installed the compromised release should immediately assume that sensitive wallet credentials may have been exposed and rotate affected keys.

Supply chain attack targets developers

The malicious code reportedly focused on extracting cryptocurrency wallet secrets rather than disrupting applications. By embedding credential theft into a trusted development package, attackers attempted to compromise developers who often manage production wallets, deployment credentials, and blockchain infrastructure from their workstations.

Security analysts advised teams to audit their software dependencies and identify whether the compromised package version was installed in development or production environments. If confirmed, organizations should replace the affected version with a trusted release, revoke exposed credentials, and move digital assets to newly generated wallets.

The incident follows a broader trend of attackers targeting open source software repositories instead of individual users. By compromising widely used developer tools, threat actors can potentially reach hundreds or thousands of downstream projects through a single malicious update.

Growing concern for crypto security

The Injective SDK incident adds to a series of recent attacks against software supply chains serving the cryptocurrency industry. Security researchers have observed an increase in malicious npm packages designed to steal wallet files, cloud credentials, API tokens, and SSH keys from developers working on blockchain and Web3 applications.

Experts recommend that development teams strengthen package verification procedures, enforce multi-factor authentication for publishing accounts, and continuously monitor dependencies for unexpected updates. They also encourage organizations to use software composition analysis tools and perform routine security reviews before deploying new package versions.

The latest compromise serves as another reminder that software supply chain security has become a critical component of protecting digital assets, particularly as attackers increasingly focus on trusted developer ecosystems instead of traditional phishing campaigns.

Raj Sharma
Raj Sharma
I have been involved in the blockchain industry for over 5 years and have an extensive understanding of the technology. My career in cryptocurrency started with writing articles about blockchain technology and its use cases for various publications.

Related News

Recent