Compromised Injective Labs GitHub Repo Used to Publish Wallet-Key-Stealing npm Package

Another JavaScript-ecosystem SDK compromise with cryptocurrency-user implications — defender inventory work this week.

Share

Key Takeaways

  • Unknown threat actors on or around July 10, 2026 reportedly compromised the Injective Labs SDK GitHub repository and used it to publish a malicious npm package designed to exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases, according to The Hacker News; the named compromised release is @injectivelabs/sdk-ts@1.20.21.
  • The incident is the latest entry in the JavaScript-ecosystem supply-chain thread that has run through 2026, and it carries direct cryptocurrency-user implications because the affected package is a software development kit that wallet, trading, and decentralized-finance developers build on top of.
  • For defenders, the actionable core is inventory and containment: determine whether the compromised version entered any dependency tree, pin or remove it, and treat any wallet private key or mnemonic seed phrase handled by an affected build as compromised and subject to rotation. Several facts remain unconfirmed and are tracked as open questions.

Another JavaScript-ecosystem SDK compromise with cryptocurrency-user implications — the week's defender work is inventory, pinning, removal, and key rotation.

SAN FRANCISCO, CALIFORNIA — Unknown threat actors on or around July 10, 2026 reportedly compromised the GitHub repository behind the Injective Labs SDK and used it to publish a malicious package to npm designed to exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases. The named compromised release is @injectivelabs/sdk-ts@1.20.21. Injective Labs maintains a widely used TypeScript and JavaScript SDK that developers rely on to build wallets, trading tools, and decentralized-finance applications, placing the compromise at the intersection of the JavaScript supply chain and the cryptocurrency ecosystem.

The disclosure, reported by The Hacker News, frames the incident as a package-registry supply-chain compromise rather than an isolated application bug: the malicious code reached developers through the same trusted distribution path they use every day. For defender teams the questions are narrow and urgent — whether the compromised version entered any build, what it could have touched, and how quickly it can be pinned out, removed, and followed by key rotation. This report stays in those terms and does not reconstruct how the exfiltration was carried out.

At a Glance
FieldDetails
MaintainerInjective Labs (Injective blockchain SDK project)
WhatCompromise of the project's GitHub repository, used to publish a malicious npm package
Compromised package@injectivelabs/sdk-ts@1.20.21
Targeted dataCryptocurrency wallet private keys and mnemonic seed phrases
Ecosystemnpm (JavaScript/TypeScript package registry)
ReportedOn or around July 10, 2026, by The Hacker News
Access pathNot confirmed — maintainer-account takeover vs. CI/CD path undisclosed
Defender actionInventory for the affected version, pin or remove it, rotate exposed keys; several details unconfirmed

What The Hacker News Documented

According to The Hacker News, unknown threat actors compromised the Injective Labs SDK GitHub repository on or around July 10, 2026 and used that access to publish a malicious package to npm. The compromised release named in the reporting is @injectivelabs/sdk-ts@1.20.21 — the Injective Labs software development kit that developers building on the Injective blockchain import to handle wallet, trading, and decentralized-finance functionality, which is why a poisoned version has implications well beyond the project itself.

The reporting describes the package as designed to exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases — the two secrets that grant full control of a wallet's funds. In defender terms, that is the material fact: any environment where the compromised version handled those secrets must treat them as exposed, regardless of mechanism. Consistent with early-stage disclosures, several specifics are unestablished — whether Injective Labs has issued a formal advisory, how many times the version was downloaded, whether any funds were drained, and whether the repository was reached via maintainer-account takeover or a CI/CD path. Those unknowns are tracked below rather than filled in.

Defender Posture for Organizations Depending on the Injective Labs SDK

For any organization whose software depends on the Injective Labs SDK, the first task is inventory: determine whether @injectivelabs/sdk-ts@1.20.21 — or any package that pulls it in as a direct or transitive dependency — entered the environment, checking lockfiles, build caches, and CI runners rather than only top-level manifests. Where it is found, the response follows the standard containment sequence for a poisoned dependency: pin away to a known-good version, remove the artifact from caches and mirrors, and rebuild clean. That is the same discipline defenders applied to earlier registry incidents such as the node-ipc npm package that shipped a stealer and developer-secret backdoor.

The distinctive element here is key rotation. Because the malicious package targeted cryptocurrency wallet private keys and mnemonic seed phrases, any such secret that passed through a build running the compromised version should be treated as compromised and rotated — funds moved to a freshly generated wallet, and the old keys and seed phrases retired. That step has no equivalent in a typical infostealer cleanup: with cryptocurrency, exposure of a private key or a mnemonic seed phrase is effectively irreversible, so rotation is not a precaution but the core remediation. Defenders should assume exposure and rotate rather than wait for proof that a specific key was taken.

A Continuation of the JavaScript-Ecosystem Supply-Chain Thread

The Injective Labs compromise is the latest entry in a supply-chain thread that has defined much of 2026's registry-security story: a trusted project's publishing path is subverted, and a malicious version rides legitimate distribution to reach developers who did nothing wrong. It echoes the compromise that pushed malicious versions of 145 Mastra-related npm packages through a contributor account and the Laravel Lang supply-chain compromise that planted a credential stealer. The delivery surfaces vary while the logic stays constant: CI/CD pipelines drove the Cordyceps campaign that reached roughly 300 GitHub repositories, self-propagation drove the Shai-Hulud npm worm, and even AI tooling became a channel in the hallusquatting technique that turned hallucinated package names into a botnet-delivery vector. A parallel same-week npm compromise involving the Jscrambler packages underscored that this was one of several incidents converging on the registry at once.

That backdrop is why the ecosystem's posture has shifted toward safer defaults, including the release of npm 12 with install scripts disabled by default. Yet a compromised SDK is a reminder that install-time execution is only one exposure class: a software development kit is imported and called throughout an application's own code, so the trust placed in it extends well past installation — the surface install-script defaults do not reach. The same limitation recurred in typosquat-and-worm hybrids such as the mini Shai-Hulud typosquatted-npm campaign aimed at cloud and CI/CD secrets. No single default closes every path, and defenders still have to reason about how a dependency behaves in use, not only at install.

How Cryptocurrency Wallet Providers Are Likely to Respond

For cryptocurrency wallet providers and the broader decentralized-finance developer community, an SDK-level compromise is a distinct problem from a breach of any single application. Because a widely used SDK sits underneath many downstream products, a poisoned version is a shared exposure: every wallet, exchange interface, or trading tool built on it inherits the question of whether it shipped or ran the compromised code. The expected response, consistent with prior dependency incidents, is a rapid audit of build pipelines against the named version followed by public guidance to downstream developers. Providers carry an added duty of care because users' funds are directly at stake.

Where a provider determines that key-handling code paths could have touched the compromised version, the responsible course is to advise affected users to move funds to freshly generated wallets and retire any potentially exposed keys or seed phrases — unwelcome advice, because it asks users to act on possible rather than confirmed exposure, but the irreversibility of cryptocurrency theft makes precaution the conservative default. What is not yet known is itself a watch item: it is unconfirmed whether Injective Labs has issued a formal advisory, and the speed and clarity of any coordinated communication will shape how effectively downstream teams can scope their own exposure.

Scope and Impact

In scope, the compromise concerns a specific named release — @injectivelabs/sdk-ts@1.20.21 — published to npm by way of a compromised Injective Labs GitHub repository, targeting a specific, high-value data class: cryptocurrency wallet private keys and mnemonic seed phrases. The immediately affected population is any developer or organization that pulled the version into a build, directly or transitively, and any end user whose keys were handled by software built on it.

In impact, the consequential feature is the leverage an SDK provides. Unlike a breach confined to one company's systems, a compromised developer library propagates through every product that adopts it, which is what makes registry-level incidents a recurring priority for defenders. The counterweight is that impact is bounded by adoption of the single named version: teams that never installed 1.20.21, or can prove it never reached a key-handling path, face a scoping exercise rather than a remediation. The unknowns — download totals, any funds drained, and the exact access path — mean the ceiling on impact is not yet fixed, the appropriate posture for a freshly disclosed compromise.

Open Questions

Several core facts are unresolved at disclosure. It is not confirmed whether Injective Labs has issued a formal advisory; the number of times the malicious version was downloaded is not established; and no figure for any funds drained has been confirmed. This report estimates neither, and readers should be wary of specific numbers until a primary source provides them. The access path is also undisclosed — whether the repository compromise resulted from a maintainer-account takeover or from a compromise of the project's build or CI/CD pipeline, a distinction that matters because the two imply different containment and recovery steps.

What is confirmed is enough to drive defender action without waiting for the rest: a compromised, named SDK version reached npm through a trusted repository, and it targeted the private keys and mnemonic seed phrases that control cryptocurrency wallets. That justifies the week's work — inventory for the affected version, pin or remove it where found, and rotate any keys or seed phrases that could have been exposed — while the download totals, loss figures, access path, and official advisories are filled in as the disclosure matures.


The CyberSignal Analysis

The reported facts above rest on The Hacker News reporting; what follows is The CyberSignal's editorial reading of what defenders should take from them. None of the judgments below are new reported facts.

Signal 01 — Rotation, Not Cleanup, Is the Defining Response

The lesson that separates this from an ordinary dependency compromise is the data at risk. Cryptocurrency private keys and mnemonic seed phrases are bearer secrets: whoever holds them controls the funds, and their exposure cannot be undone by resetting a password or revoking a token. Our reading is that defenders should treat any key or seed phrase that could have passed through the compromised version as already lost, and act accordingly, rather than waiting for evidence that a specific secret was taken.

That reframes remediation from cleanup to rotation. Removing the malicious package and rebuilding is necessary but not sufficient; the irreversible step is generating new wallets and moving funds off any potentially exposed keys. We would grade a downstream team's response not on how fast it purged the artifact but on whether it rotated the secrets the artifact was built to steal — with cryptocurrency, the only action that actually bounds the loss.

Signal 02 — An SDK Compromise Is a Shared Exposure, Not a Single Breach

The second point defenders should internalize is the leverage inherent in an SDK. A software development kit is adopted by many products and woven through their code; a compromise of the kit is a compromise shared across everything built on it. That is what makes SDK and library incidents disproportionately consequential relative to their apparent size: one poisoned version is not one victim but a fan-out across an entire downstream population.

The corollary is that scoping cannot stop at a team's own code. The question is not only whether a team imported the affected version directly, but whether anything it ships imports something that imports it — the transitive case that lockfile and dependency-graph review exist to answer. Teams that scope only their direct dependencies will systematically undercount their exposure, which is why the inventory step has to reach all the way down the tree.

Signal 03 — Install-Script Defaults Don't Cover the SDK Trust Surface

The forward-looking thread is what this compromise says about the limits of the ecosystem's recent hardening. Disabling npm install scripts by default is a genuine improvement, but it addresses code that runs at install time — and an SDK's trust surface extends through every function a developer calls in their own application. Our reading is that the Injective Labs case marks the boundary of install-time defenses: the risk lived in a library meant to be imported and used, territory no install-script default reaches.

The watch item is whether defensive attention now follows the risk upstream. The controls that would most directly bound an incident like this — verified release provenance, publisher-identity guarantees, and the ability to detect a repository or publishing-path compromise before a poisoned version ships — sit above the install boundary entirely. We would treat the durability of those upstream controls, not the install-script default, as the real measure of whether the JavaScript supply chain is getting harder to abuse.


Sources

TypeSource
ReportingThe Hacker News — Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Primarynpm — @injectivelabs/sdk-ts package registry entry
RelatedThe CyberSignal — npm 12 Disables Install Scripts by Default
RelatedThe CyberSignal — Mastra npm 145-Package Contributor-Account Compromise
RelatedThe CyberSignal — Cordyceps CI/CD Campaign Across ~300 GitHub Repositories