On June 8, 2026, the Injective Labs SDK project's GitHub repository was compromised, leading to a significant Injective SDK stealer incident. An attacker, likely through a stolen credential, took over a legitimate contributor's account. This unauthorized access let them publish a malicious version, 1.20.21, of the @injectivelabs/sdk-ts package to npm, initiating a sophisticated supply chain attack targeting cryptocurrency wallets.
What Actually Happened
The incident began when an attacker gained control of a legitimate contributor's GitHub account for the Injective Labs SDK project. This wasn't a brute-force attack but rather a targeted compromise, likely involving stolen credentials or a sophisticated phishing scheme. With this access, the attacker was able to publish a malicious version, 1.20.21, of the @injectivelabs/sdk-ts package to npm. This specific package is a critical component for developers building applications within the Injective ecosystem, making it a high-value target for an Injective SDK stealer.
This wasn't an isolated incident. The attacker also republished 17 other packages associated with the project, all pinned to that same 1.20.21 version. This move shows a clear intent to broaden the attack surface, potentially affecting projects with transitive dependencies that might unknowingly pull in the compromised versions. The coordinated nature of these republishings indicates a well-planned attack designed to maximize reach and impact across the Injective development community.
Application security companies Socket, Ox Security, and StepSecurity quickly detected the malicious activity, flagging the suspicious changes almost immediately. The legitimate account owner also spotted the compromise within minutes, demonstrating commendable vigilance. They moved fast, reverting the changes and publishing a clean release, 1.20.23, to npm. That's a critical piece of the response, and it shows the value of active maintainer vigilance and robust security monitoring in the open-source supply chain.
However, the malicious 1.20.21 version was downloaded 310 times before it was deprecated. And here's the thing: deprecation doesn't mean removal. The malicious GitHub release artifacts are still out there, which means anyone not paying close attention could still stumble upon them. This lingering availability poses a continued risk, underscoring the need for developers to explicitly pin their dependencies and verify package integrity, especially in the wake of an Injective SDK stealer event.
How the Stealer Worked
The malware in 1.20.21 wasn't a "drive-by" infection. It didn't activate the moment you installed the package, which is an important distinction. Instead, it lay dormant until a developer used specific SDK functions that generate or import wallet keys. This is a clever way to target high-value actions and avoid immediate detection from static analysis tools that might flag suspicious code on install. The attacker understood the typical development workflow and designed the Injective SDK stealer to trigger at the most opportune moment.
Here's the attack chain, detailing the sophisticated steps taken by the attacker:
- Compromised Account: The attacker gains control of a legitimate Injective Labs contributor's GitHub account, likely through a credential theft.
- Malicious Code Injection: They push changes to the repository, embedding code into the
@injectivelabs/sdk-tspackage. This code is specifically designed to capture sensitive data, such as mnemonic seed phrases and private keys. - Malicious Package Publication: Version
1.20.21is published to npm, containing the hidden stealer. This step leverages the trust associated with official package releases. - Developer Download: Developers building on Injective download and install
1.20.21into their projects, unaware of the embedded threat. - Trigger Activation: When a developer's application calls an SDK function to generate a new wallet or import an existing one, the malicious code activates. This targeted activation ensures the stealer only acts when valuable data is present.
- Data Capture: The malware captures the full mnemonic seed phrase and the private key. It then encodes this sensitive data in base64 to obscure its nature.
- Exfiltration: The encoded data is bundled into an HTTP POST request header. The attacker designed this request to look like legitimate telemetry, sending it to an Injective Labs public infrastructure endpoint. This helps it blend in with normal network traffic, making it significantly harder to spot by network monitoring tools.
- Data Collection: The attacker collects these mnemonics and private keys from the compromised endpoint.
The goal is simple: use those mnemonics or private keys to port victims' wallets, giving them full access to digital assets for transfer or use. This direct access to funds makes the Injective SDK stealer particularly devastating for Web3 users.
The Real Impact on Web3
While 310 downloads of the malicious version might seem low compared to the package's 50,000 weekly downloads, the potential impact is far wider and more severe than the numbers suggest. This SDK is used by developers building cryptocurrency wallets, trading bots, decentralized exchanges, and other DeFi applications. If even one of those 310 downloads made it into a production application, the downstream risk to end-users is significant. A single compromised application could expose thousands, if not millions, of users to the Injective SDK stealer.
The package has 87 direct dependencies on npm, with a cumulative download count of over 112,000 for dependent packages. This shows the sheer breadth of projects that rely on Injective's SDK. Even if you didn't directly download 1.20.21, a transitive dependency could have pulled it in. That's the insidious nature of supply chain attacks in the npm ecosystem; a vulnerability in one component can ripple through countless projects, creating a vast attack surface for an Injective SDK stealer.
For Web3, this kind of compromise is particularly dangerous. Unlike traditional applications where a breach might mean data theft or system downtime, a stolen private key or mnemonic means direct, irreversible loss of digital assets. There's no "undo" button on the blockchain once funds are moved. A data breach is a direct attack on financial sovereignty, undermining the core principles of self-custody and trustless systems that Web3 aims to uphold. The long-term damage to user trust and ecosystem reputation can be profound.
What We Do Now
Injective Labs acted quickly to address the immediate threat, and that's important. Publishing a clean 1.20.23 release and deprecating the malicious version was the right first step. However, the incident highlights systemic issues we need to confront within the broader open-source and Web3 development communities. Proactive security measures are paramount to prevent future Injective SDK stealer events.
If you're a developer who used @injectivelabs/sdk-ts or any associated Injective packages around June 8, 2026, you need to assume compromise. Here's what you have to do to mitigate the risks:
- Transfer Assets: Immediately move all cryptocurrency from any wallets that interacted with applications built using the affected SDK version to new, secure wallets. Consider using hardware wallets for enhanced security.
- Rotate Secrets: Rotate all secrets in your development environment, including API keys, database credentials, and any other sensitive information that might have been exposed or could be used in further attacks.
- Pin Dependencies: Make sure all your
@injectivelabspackages are explicitly pinned to the clean1.20.23release or later. Don't rely on broad version ranges (e.g.,^1.20.0) that could inadvertently pull in a malicious version. - Audit Transitive Dependencies: This is the hard part. You need to audit your entire dependency tree to ensure no other packages pulled in the malicious
1.20.21version. Tools likenpm audit, Snyk, and dedicated software supply chain security scanners can help, but they aren't perfect and require diligent review. - Implement Multi-Factor Authentication (MFA): Ensure MFA is enabled on all your GitHub, npm, and other critical developer accounts to prevent credential theft.
- Enhance CI/CD Security: Integrate security scanning into your continuous integration/continuous deployment pipelines to detect suspicious package changes or vulnerabilities before deployment.
- Stay Informed: Follow security advisories from Injective Labs and other reputable security researchers to stay updated on potential threats and best practices.
This incident is a stark reminder that in the world of open-source and Web3, trust is a vulnerability. We can't just blindly pull in packages. Developers need to be more vigilant, and the ecosystem needs better mechanisms for verifying package integrity and developer identity. The quick response from Injective and the security firms shows progress, but the fact that this happened at all means we're still playing catch-up against sophisticated attackers targeting the software supply chain with threats like the Injective SDK stealer.