A significant software supply chain attack has targeted the cryptocurrency development community. On July 9, 2026, a malicious version of the official Injective Labs Software Development Kit (SDK), packaged as @injectivelabs/sdk-ts, was published to the npm registry. Threat actors reportedly compromised the project's GitHub repository, using this access to push the poisoned package. The malware embedded within the SDK is an infostealer specifically crafted to find and exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases from developers' systems. This attack underscores the persistent threat to open-source ecosystems and the high value placed on developer credentials and assets by malicious actors.
The attack leverages the trust developers place in official software packages from public registries like npm. By compromising a legitimate and widely used package, the attackers can distribute their malware to a large number of downstream targets who unwittingly install the malicious version.
The attack vector was the compromise of the Injective Labs GitHub repository. With control over the source code and publishing credentials, the threat actors were able to inject their malicious code and publish a new version of the @injectivelabs/sdk-ts package. The malware's payload is highly targeted, focusing on stealing secrets that would give the attackers complete control over developers' cryptocurrency assets. This type of attack is particularly dangerous because the malicious code is executed in a trusted development environment, often with elevated privileges.
This incident is not isolated. It follows a pattern of recent supply chain attacks, including the 'Shai-Hulud' malware on PyPI and compromised Laravel Lang packages, indicating a concerted effort by threat actors to exploit the software development lifecycle.
The attack is a classic example of a software supply chain compromise.
T1195.001 - Compromise Software Development Environment.T1195.002 - Compromise Software Supply Chain..env files, wallet backups, etc.) and exfiltrates them to an attacker-controlled server. This corresponds to T1552.001 - Credentials In Files and T1041 - Exfiltration Over C2 Channel.This attack highlights the critical need for security controls not just in production, but within the development environment itself. A single compromised developer account can lead to a widespread supply chain incident affecting thousands of users.
The direct impact is the financial loss for developers whose cryptocurrency wallets are compromised. The stolen private keys and seed phrases grant the attackers irreversible control over the victims' assets. The secondary impact is reputational damage to Injective Labs and a further erosion of trust in the npm ecosystem. For projects and companies that use the compromised SDK, this incident could lead to the compromise of their own systems or customer funds if the stolen developer credentials provided access to production environments. All developers who have used the @injectivelabs/sdk-ts package recently must assume their environments are compromised and take immediate action to rotate keys and transfer assets.
No specific file hashes, IP addresses, or domains were provided in the source articles.
Developers and security teams can look for the following signs of compromise:
package-lock.json@injectivelabs/sdk-ts or unexpected new dependencies.Unusual outbound connectionsnpm install or application runtime to unknown domains or IPs.npm install @injectivelabs/sdk-ts@<malicious_version>CI/CD Pipeline Logsnpm audit, Snyk, or Mend to scan package.json and package-lock.json for known malicious package versions. This is a form of D3FEND's System File Analysis (D3-SFA).npm install command should not be making outbound network connections to arbitrary endpoints. Sandboxing build steps can help detect and block this behavior.package-lock.json or npm-shrinkwrap.json to lock down the specific, vetted versions of dependencies. This prevents the automatic installation of a newly published malicious version.Use lockfiles (package-lock.json) to pin dependencies to specific, vetted versions, preventing automatic updates to potentially malicious new versions.
Regularly audit software dependencies using tools like 'npm audit' to identify packages with known vulnerabilities or malicious code.
Enforce MFA on developer accounts for code repositories (GitHub) and package registries (npm) to prevent takeovers.
Filter outbound network traffic from build servers to prevent malicious install scripts from exfiltrating data.
Harden the npm client configuration to enhance security. First, enforce the use of lockfiles (package-lock.json) in all projects by making it a required check in your CI/CD pipeline. This prevents unexpected dependency updates. Second, configure npm to use a private, trusted registry proxy (like Artifactory or Nexus) instead of the public npmjs.org registry. This proxy should be configured to scan all packages for malware and vulnerabilities before they are cached and made available to developers. This creates a critical checkpoint, preventing malicious packages like the compromised Injective SDK from ever entering the development environment.
Implement strict egress filtering for all developer workstations and, critically, for CI/CD build environments. The malicious Injective SDK needs to exfiltrate stolen keys to an attacker-controlled server. By default, deny all outbound network connections from build agents. Explicitly allowlist only the necessary domains, such as your private package registry and source code repository. Any attempt by a build process (e.g., npm install) to connect to an unauthorized external IP or domain should be blocked and trigger an immediate, high-priority security alert. This containment strategy effectively neuters the malware by cutting off its C2 and exfiltration channel.
Mandate the use of strong, phishing-resistant Multi-Factor Authentication (MFA), such as FIDO2 security keys, for all developer accounts. This includes GitHub, GitLab, npm, and any other platform used in the software development lifecycle. The initial vector for this attack was the compromise of the Injective Labs GitHub repository. Enforcing MFA would have made it significantly more difficult for the attackers to gain the access needed to publish the malicious package. This is a foundational preventative control that directly hardens the accounts that control the software supply chain.
A malicious version of the @injectivelabs/sdk-ts package is discovered on the npm registry.

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.
Help others stay informed about cybersecurity threats
Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.
Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.
Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.
Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.
Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.