50,000 weekly downloads — that is the reach of the Injective SDK package on npm that researchers say was briefly poisoned with code designed to steal cryptocurrency wallet private keys and mnemonic seed phrases.
How the GitHub account was used to publish a poisoned release
Security teams at Socket, Ox Security, and StepSecurity reported that attackers compromised a legitimate Injective Labs contributor's GitHub account and made the first suspicious commits on June 8. The threat actor quickly published a malicious npm package version, labeled 1.20.21, for the @injectivelabs/sdk-ts project. The attacker then pushed version 1.20.21 for another 17 project-associated packages and pinned them to the compromised SDK release.
What the malicious code did when invoked
According to the researchers, the backdoor did not activate at install time. Instead, the malware executed when developers called SDK functions that generate or import wallet keys. At that moment the malicious code captured the full mnemonic seed phrase and private key, encoded the captured data in base64, and exfiltrated it by sending an HTTP POST request to an Injective Labs public infrastructure endpoint — a tactic intended to make the network traffic look legitimate.
StepSecurity added that the malware queued multiple keys and mnemonics for two seconds, aggregated them, and placed them in the HTTP request header before transmitting the bundle to the attacker-controlled endpoint. With those secrets, attackers could port victims' wallets to their own devices and access or transfer digital assets.
Scale and collateral exposure: downloads and dependency graph
The Injective SDK is a TypeScript/JavaScript toolkit used by developers building cryptocurrency wallets, trading bots, decentralized exchanges, DeFi applications, and payment tools. The package records roughly 50,000 weekly downloads on npm, the researchers noted.
Socket reported the specific, malicious 1.20.21 release was downloaded 310 times before it was deprecated. Socket also emphasized the malicious GitHub release artifacts remain available even after deprecation. Ox Security highlighted dependency risk: the SDK lists 87 direct npm dependencies with a cumulative download count of a little over 112,000, and the researchers warned there are likely additional transitive dependencies beyond those 87.
Immediate mitigation and residual risk
The legitimate account owner detected the compromise within minutes, reverted the unauthorized commits, and published a clean release identified as version 1.20.23. Nonetheless, the researchers warned that developer systems which fetched the malicious packages during the window of exposure or used the compromised artifacts are likely already compromised.
The guidance published alongside the technical findings is direct: developers who suspect compromise should transfer cryptocurrency to new wallets and rotate all secrets in their environment. Socket also noted the malicious release was deprecated rather than removed — leaving artifacts accessible — which preserves risk for any system that later inspects or installs historical releases.
What this means for developers, DeFi app builders, and end users
- Developers building wallets, trading bots, DEXs, DeFi apps, and payment tools: inspect your dependency tree for any use of @injectivelabs/sdk-ts version 1.20.21 or packages pinned to it; rotate keys and secrets if you used functions that generate or import wallet keys while the malicious version was present.
- Projects depending on the 87 directly listed npm dependencies (and their transitive packages): treat the advisory as a reminder that transitive dependencies widen exposure — inventory and scan the full supply chain for 1.20.21 artifacts and related releases.
- End users holding on-chain assets: if a developer tool, wallet, or service you rely on upgraded to the malicious release or used it to create or import keys, move funds to new wallets and insist the provider rotate any secrets derived from affected systems.
The injected code’s activation pattern — firing only during wallet key generation or import — and the decision to exfiltrate through an Injective Labs public endpoint both demonstrate a targeted attempt to blend with legitimate developer workflow. With the malicious artifacts still accessible on GitHub and 1.20.21 deprecated rather than removed, a clear question remains for project maintainers and repository hosts: will they fully purge the tainted artifacts and perform a complete audit of transitive dependencies to break lingering attack paths?




