Skip to main content
Emerging ThreatsMalware & Ransomware

GitHub Compromise Injects Malicious npm Packages with Wallet-Key-Stealing Code

Developer workstation with code on laptop screen and GitHub/npm interface in background.

Injective Labs' SDK version @injectivelabs/sdk-ts@1.20.21, published on July 8, 2026, was used to seed the npm registry with a wallet-key-stealing backdoor that was then propagated into 17 additional @injectivelabs-scoped packages.

The intrusion: trusted maintainer credentials and a compromised GitHub pipeline

Socket reported the malicious code was pushed to the project's official GitHub repository through commits made by "a GitHub account belonging to a developer with an established history of contributions to the repository." StepSecurity added that the release was facilitated through the repository's trusted-publisher (OIDC) pipeline and that the malicious commits were authored and pushed under the identity "thomasRalee." The combination of an existing contributor account and the project's own CI/CD trust mechanism permitted the attacker to publish a poisoned package to npm.

How the malware worked: a fake telemetry function that steals secrets

The compromised @injectivelabs/sdk-ts@1.20.21 embedded a function named trackKeyDerivation() presented as telemetry. The package description for that supposed telemetry reads: "Tracks which key derivation methods are used (hex vs mnemonic) and derives timing patterns to help the SDK team identify performance bottlenecks and understand adoption of different key formats across the ecosystem. All metrics are fire-and-forget and never block or affect key derivation."

In reality, Socket found, parameters passed to the function included a hard-coded marker describing the method used and "the actual sensitive information needed for generating the private key." That captured material, Socket said, is sufficient for a remote actor "to regenerate the private key at their end." OX Security summarized the behavior plainly: "The malware adds crypto wallet stealing logic to a crypto wallet package, every time a legitimate user creates or uses the logic that reads mnemonic phrases – which are basically the master key for any crypto wallet, the malware reads them and sends them to the remote server."

Exfiltration mechanics: stealthy, queued beacons to a remote host

The malware avoided common detection cues by not using lifecycle scripts and by refraining from launching during installation, a design choice that helped it "fly under the radar." To reduce outbound traffic, the code aggregated multiple key derivations over a two-second window into a single queue and then transmitted them in a single HTTPS POST request. Socket identified the destination host used by the beacon as "testnet.archival.chain.grpc-web.injective[.]network."

Scope: 17 additional @injectivelabs packages and transitive risk

Beyond the SDK package itself, the attacker pushed version 1.20.21 across 17 additional @injectivelabs scoped packages that depended on and pinned the malicious SDK version, creating transitive exposure for projects that did not directly install the SDK. Socket listed the affected packages as:

  • @injectivelabs/utils
  • @injectivelabs/networks
  • @injectivelabs/ts-types
  • @injectivelabs/exceptions
  • @injectivelabs/wallet-base
  • @injectivelabs/wallet-core
  • @injectivelabs/wallet-cosmos
  • @injectivelabs/wallet-private-key
  • @injectivelabs/wallet-evm
  • @injectivelabs/wallet-trezor
  • @injectivelabs/wallet-cosmostation
  • @injectivelabs/wallet-ledger
  • @injectivelabs/wallet-wallet-connect
  • @injectivelabs/wallet-magic
  • @injectivelabs/wallet-strategy
  • @injectivelabs/wallet-turnkey
  • @injectivelabs/wallet-cosmos-strategy

Socket noted the malicious release has been deprecated on npm, but the release artifacts for the compromised 1.20.21 version remained available for download from GitHub "as of writing," creating an ongoing avenue for exposure.

What this means for developers, wallet users, and repository maintainers

Developers who installed the compromised version are advised to update to the newly published clean version, 1.20.23. The guidance also recommends treating any private key or mnemonic phrase that was passed through the package as compromised and rotating those credentials. Projects should audit their dependency trees for transitive inclusion of @injectivelabs packages that may have pinned 1.20.21.

The technical particulars—use of a trusted maintainer identity, exploitation of an OIDC trusted-publisher pipeline, avoidance of install-time lifecycle scripts, aggregation of exfiltrated material into a single HTTPS POST, and a destination domain—are concrete data points organizations can use to confirm whether their builds or environments were exposed.

The incident underscores a narrow but consequential attack pattern: modifying a crypto wallet library to capture mnemonics and derivation data, then quietly shipping that capability through legitimate release mechanisms. Socket, StepSecurity, and OX Security have supplied forensic detail; the immediate practical steps—upgrade to 1.20.23, rotate affected keys, and audit transitive dependencies—are the mitigations reported alongside those findings.

Read the original report: https://thehackernews.com/2026/07/injective-labs-github-compromise-pushes.html