A backdoored developer kit for the Injective blockchain quietly siphoned wallet seed phrases and private keys before a rapid takedown.A backdoored developer kit for the Injective blockchain quietly siphoned wallet seed phrases and private keys before a rapid takedown.

Hackers Compromised Injective’s 50,000-Download SDK To Steal Seed Phrases From Developers

2026/07/10 13:09
3 min read
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

Hackers slipped wallet-stealing malware into an official Injective (INJ) developer package that averages 50,000 weekly downloads, and the tainted release was fetched 310 times before a rapid cleanup.

Key Points:

Injective SDK Backdoor Details

Security firm Socket disclosed on Thursday that version 1.20.21 of the @injectivelabs/sdk-ts package on npm had been altered through a compromised contributor account on GitHub. The kit is a core building block for wallets, exchanges and trading bots on Injective, a layer-1 blockchain designed for decentralized finance.

The rogue code posed as harmless usage analytics and hooked the functions that turn a seed phrase or a raw private key into a usable signing key. Every time an application called them, it quietly recorded the secrets, batched them for two seconds and sent them to a server disguised as legitimate Injective infrastructure. The stolen material traveled inside a request header, letting it blend into ordinary traffic.

Automated publishing carried the same poisoned version across 17 related packages within minutes of the first malicious commit, widening exposure to teams that never installed the kit directly.

A commit-level analysis showed the payload went live on Jul. 8 and was pulled in under an hour, with a clean version 1.20.23 following shortly after.

Injective CEO Eric Chen reportedly said the issue is already fixed and no funds on the network are at risk. Still, the compromised release was only deprecated on npm rather than removed, leaving it available for download. Artifacts from the tainted build also remained on GitHub at the time of disclosure.

Also Read: Solana’s ETF Moment Gets Harder To Ignore After New Bitwise Filing

Why Crypto Wallet Keys Were The Target

Researchers described the compromise as "significant for developers and applications that handle Injective wallet workflows," though they did not specify whether any assets were stolen. Teams were urged to treat any key or mnemonic that touched the affected versions as compromised, move funds to fresh wallets and rotate every secret in their environments.

Attacks of this kind never touch a blockchain's cryptography. Intruders instead poison the trusted tools developers rely on, turning a single hijacked account into a distribution channel that can quietly reach thousands of downstream applications.

The compromised kit alone counts 87 other npm packages among its direct dependents, analysts reported.

The episode caps a punishing stretch for open-source crypto tooling, following a similar compromise of Axios npm releases in March and the TrapDoor malware campaign that hit crypto and DeFi developers in May. CertiK ranked wallet compromises as the most costly attack vector of the first half of 2026, with $444 million stolen across 33 incidents.

Read Next: Grok 4.5 Challenges OpenAI And Anthropic With Cheaper Agentic AI

World Cup Combo: Aim for 200x

World Cup Combo: Aim for 200xWorld Cup Combo: Aim for 200x

Combine up to 20 World Cup matches in one order

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.

Activate to Enjoy Special Perks

Activate to Enjoy Special PerksActivate to Enjoy Special Perks

Access 0 fees, premium support, and loss coverage.