Supply Chain Attack: Malicious Version of Injective Labs SDK on npm Steals Crypto Wallet Keys

Injective Labs SDK on npm Hijacked in Crypto-Stealing Supply Chain Attack

HIGH
July 10, 2026
5m read
Supply Chain AttackMalwareOther

Related Entities

Products & Tech

npmGitHub Laravel Lang

Other

Injective LabsShai-Hulud

Full Report

Executive Summary

A significant software supply chain attack has targeted the cryptocurrency development community. On July 9, 2026, a malicious version of the official Injective Labs Software Development Kit (SDK), packaged as @injectivelabs/sdk-ts, was published to the npm registry. Threat actors reportedly compromised the project's GitHub repository, using this access to push the poisoned package. The malware embedded within the SDK is an infostealer specifically crafted to find and exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases from developers' systems. This attack underscores the persistent threat to open-source ecosystems and the high value placed on developer credentials and assets by malicious actors.


Threat Overview

The attack leverages the trust developers place in official software packages from public registries like npm. By compromising a legitimate and widely used package, the attackers can distribute their malware to a large number of downstream targets who unwittingly install the malicious version.

The attack vector was the compromise of the Injective Labs GitHub repository. With control over the source code and publishing credentials, the threat actors were able to inject their malicious code and publish a new version of the @injectivelabs/sdk-ts package. The malware's payload is highly targeted, focusing on stealing secrets that would give the attackers complete control over developers' cryptocurrency assets. This type of attack is particularly dangerous because the malicious code is executed in a trusted development environment, often with elevated privileges.

This incident is not isolated. It follows a pattern of recent supply chain attacks, including the 'Shai-Hulud' malware on PyPI and compromised Laravel Lang packages, indicating a concerted effort by threat actors to exploit the software development lifecycle.


Technical Analysis

The attack is a classic example of a software supply chain compromise.

  1. Compromise Software Supply Chain: The attackers gained unauthorized access to the Injective Labs GitHub account or repository. This could have been through stolen credentials, session hijacking, or a compromised developer machine. This aligns with T1195.001 - Compromise Software Development Environment.
  2. Push Malicious Code: The attackers injected their crypto-stealing malware into the SDK's codebase.
  3. Publish Malicious Package: Using the compromised access, the attackers published the trojanized package to the public npm registry. This is a form of T1195.002 - Compromise Software Supply Chain.
  4. Execution and Credential Access: When a developer installs or uses the malicious package, the embedded code executes. It scans the local system for files containing private keys or seed phrases (.env files, wallet backups, etc.) and exfiltrates them to an attacker-controlled server. This corresponds to T1552.001 - Credentials In Files and T1041 - Exfiltration Over C2 Channel.

This attack highlights the critical need for security controls not just in production, but within the development environment itself. A single compromised developer account can lead to a widespread supply chain incident affecting thousands of users.


Impact Assessment

The direct impact is the financial loss for developers whose cryptocurrency wallets are compromised. The stolen private keys and seed phrases grant the attackers irreversible control over the victims' assets. The secondary impact is reputational damage to Injective Labs and a further erosion of trust in the npm ecosystem. For projects and companies that use the compromised SDK, this incident could lead to the compromise of their own systems or customer funds if the stolen developer credentials provided access to production environments. All developers who have used the @injectivelabs/sdk-ts package recently must assume their environments are compromised and take immediate action to rotate keys and transfer assets.

IOCs — Directly from Articles

No specific file hashes, IP addresses, or domains were provided in the source articles.

Cyber Observables — Hunting Hints

Developers and security teams can look for the following signs of compromise:

Type
File Name
Value
package-lock.json
Description
Review this file for suspicious versions of @injectivelabs/sdk-ts or unexpected new dependencies.
Type
Network Traffic Pattern
Value
Unusual outbound connections
Description
Monitor for outbound network traffic from Node.js processes during npm install or application runtime to unknown domains or IPs.
Type
Command Line Pattern
Value
npm install @injectivelabs/sdk-ts@<malicious_version>
Description
Audit shell history and CI/CD logs for installation of the specific compromised version(s).
Type
Log Source
Value
CI/CD Pipeline Logs
Description
Scrutinize build logs for unexpected script execution, network connections, or errors during the installation of dependencies.

Detection & Response

  1. Dependency Scanning: Use automated tools like npm audit, Snyk, or Mend to scan package.json and package-lock.json for known malicious package versions. This is a form of D3FEND's System File Analysis (D3-SFA).
  2. Behavioral Monitoring: In CI/CD environments, monitor the behavior of build processes. An npm install command should not be making outbound network connections to arbitrary endpoints. Sandboxing build steps can help detect and block this behavior.
  3. Egress Traffic Filtering: Implement outbound traffic filtering on developer workstations and build servers to block connections to known malicious domains or un-categorized IP addresses. This aligns with D3FEND's Outbound Traffic Filtering (D3-OTF).

Mitigation

  1. Dependency Pinning: Use package-lock.json or npm-shrinkwrap.json to lock down the specific, vetted versions of dependencies. This prevents the automatic installation of a newly published malicious version.
  2. Scoped Registries: For organizations, host a private, vetted copy of public dependencies in a local registry (e.g., Nexus, Artifactory). This provides a buffer and allows for security scanning before packages are made available to developers. This is a form of D3FEND's Application Configuration Hardening (D3-ACH).
  3. MFA for Developer Accounts: Enforce mandatory multi-factor authentication (MFA) on all developer accounts, especially for platforms like GitHub and npm, to prevent account takeovers that lead to these attacks.
  4. Secret Management: Developers should never store private keys or seed phrases in plaintext files. Use secure secret management tools like HashiCorp Vault, AWS KMS, or hardware wallets.

Timeline of Events

1
July 9, 2026
A malicious version of the @injectivelabs/sdk-ts package is discovered on the npm registry.
2
July 10, 2026
This article was published

MITRE ATT&CK Mitigations

Use lockfiles (package-lock.json) to pin dependencies to specific, vetted versions, preventing automatic updates to potentially malicious new versions.

Audit

M1047enterprise

Regularly audit software dependencies using tools like 'npm audit' to identify packages with known vulnerabilities or malicious code.

Enforce MFA on developer accounts for code repositories (GitHub) and package registries (npm) to prevent takeovers.

Filter outbound network traffic from build servers to prevent malicious install scripts from exfiltrating data.

D3FEND Defensive Countermeasures

Harden the npm client configuration to enhance security. First, enforce the use of lockfiles (package-lock.json) in all projects by making it a required check in your CI/CD pipeline. This prevents unexpected dependency updates. Second, configure npm to use a private, trusted registry proxy (like Artifactory or Nexus) instead of the public npmjs.org registry. This proxy should be configured to scan all packages for malware and vulnerabilities before they are cached and made available to developers. This creates a critical checkpoint, preventing malicious packages like the compromised Injective SDK from ever entering the development environment.

Implement strict egress filtering for all developer workstations and, critically, for CI/CD build environments. The malicious Injective SDK needs to exfiltrate stolen keys to an attacker-controlled server. By default, deny all outbound network connections from build agents. Explicitly allowlist only the necessary domains, such as your private package registry and source code repository. Any attempt by a build process (e.g., npm install) to connect to an unauthorized external IP or domain should be blocked and trigger an immediate, high-priority security alert. This containment strategy effectively neuters the malware by cutting off its C2 and exfiltration channel.

Mandate the use of strong, phishing-resistant Multi-Factor Authentication (MFA), such as FIDO2 security keys, for all developer accounts. This includes GitHub, GitLab, npm, and any other platform used in the software development lifecycle. The initial vector for this attack was the compromise of the Injective Labs GitHub repository. Enforcing MFA would have made it significantly more difficult for the attackers to gain the access needed to publish the malicious package. This is a foundational preventative control that directly hardens the accounts that control the software supply chain.

Timeline of Events

1
July 9, 2026

A malicious version of the @injectivelabs/sdk-ts package is discovered on the npm registry.

Article Author

Jason Gomes

Jason Gomes

• Cybersecurity Practitioner

Cybersecurity professional with over 10 years of specialized experience in security operations, threat intelligence, incident response, and security automation. Expertise spans SOAR/XSOAR orchestration, threat intelligence platforms, SIEM/UEBA analytics, and building cyber fusion centers. Background includes technical enablement, solution architecture for enterprise and government clients, and implementing security automation workflows across IR, TIP, and SOC use cases.

Threat Intelligence & AnalysisSecurity Orchestration (SOAR/XSOAR)Incident Response & Digital ForensicsSecurity Operations Center (SOC)SIEM & Security AnalyticsCyber Fusion & Threat SharingSecurity Automation & IntegrationManaged Detection & Response (MDR)

Tags

Supply Chain AttacknpmInjective LabscryptocurrencyinfostealerGitHubdeveloper security

📢 Share This Article

Help others stay informed about cybersecurity threats

🎯 MITRE ATT&CK Mapped

Every tactic, technique, and sub-technique used in this threat has been identified and mapped to the MITRE ATT&CK framework for consistent, actionable threat language.

🧠 Enriched & Analyzed

Observables and indicators of compromise (IOCs) have been extracted and cataloged. Risk has been assessed and correlated with known threat actors and historical campaigns.

🛡️ Actionable Guidance

Detection rules, incident response steps, and D3FEND-aligned mitigation strategies are included so your team can act on this intelligence immediately.

🔗 STIX Visualizer

Structured threat data is packaged as a STIX 2.1 bundle and can be visualized as an interactive graph — relationships between actors, malware, techniques, and indicators.

Sigma Generator

Sigma detection rules are derived from the threat techniques in this article and can be converted for deployment across any major SIEM or EDR platform.