Full Report
Unknown threat actors compromised the Injective Labs SDK project's GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases. The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was
Analysis Summary
# Incident Report: Injective Labs SDK Supply Chain Compromise
## Executive Summary
The Injective Labs SDK project's GitHub repository and npm registry were compromised when a trusted maintainer's account was used to inject malicious code into the `@injectivelabs/sdk-ts` package. The malware, disguised as a telemetry function, was designed to exfiltrate cryptocurrency wallet private keys and mnemonic seed phrases to an attacker-controlled server. The incident impacted the primary SDK and 17 dependent packages, potentially compromising any users who performed key derivation tasks using the affected versions.
## Incident Details
- **Discovery Date:** July 10, 2026 (Public reporting)
- **Incident Date:** July 8, 2026
- **Affected Organization:** Injective Labs
- **Sector:** Cryptocurrency / Decentralized Finance (DeFi)
- **Geography:** Global
## Timeline of Events
### Initial Access
- **Date/Time:** July 8, 2026
- **Vector:** Compromised Maintainer Account / Repository Hijacking
- **Details:** Malicious commits were pushed to the official GitHub repository using the account of a trusted maintainer ("thomasRalee"). Because the project used an OIDC (OpenID Connect) trusted-publisher pipeline, these malicious commits were automatically built and published to the npm registry as version 1.20.21.
### Lateral Movement
- **Details:** Not applicable in the traditional network sense; however, the "movement" occurred across the software ecosystem. The attacker updated 17 additional scoped packages (e.g., `@injectivelabs/wallet-core`, `@injectivelabs/wallet-ledger`) to depend on the malicious SDK version, maximizing the reach of the compromise to transitive users.
### Data Exfiltration/Impact
- **Details:** The malware intercepted sensitive inputs during the key derivation process. It captured mnemonic phrases and private keys, queued them for two seconds to batch results, and exfiltrated them via HTTPS POST requests to a fake endpoint: `testnet.archival.chain.grpc-web.injective[.]network`.
### Detection & Response
- **How it was discovered:** Security research firms (Socket, OX Security, and StepSecurity) identified the malicious code within the npm package.
- **Response actions taken:** The malicious version was deprecated on the npm registry, and a clean version (1.20.23) was released. Stakeholders were notified to rotate keys.
## Attack Methodology
- **Initial Access:** Account takeover or unauthorized use of a trusted maintainer's GitHub credentials.
- **Persistence:** Implementation within the official codebase and propagation through 17 dependent packages.
- **Defense Evasion:**
- The malware avoided npm "lifecycle scripts" (like `postinstall`), which are often flagged by security scanners.
- It used "stealthy exfiltration" by waiting for legitimate user actions rather than running immediately.
- It disguised the theft as "anonymized usage metrics" for performance optimization.
- **Credential Access:** Direct interception of mnemonic seed phrases and private keys during the derivation process.
- **Exfiltration:** HTTPS POST requests batching stolen data to a domain masquerading as a legitimate Injective Labs sub-domain.
## Impact Assessment
- **Financial:** Potentially high; any wallet accessed using the malicious SDK version is at risk of total fund drainage.
- **Data Breach:** Exposure of highly sensitive cryptographic secrets (Private Keys and Mnemonics).
- **Operational:** Disruption of the Injective developer ecosystem and necessity for emergency patching of nearly 20 packages.
- **Reputational:** Significant impact on trust regarding the security of the Injective Labs supply chain and OIDC pipeline integrity.
## Indicators of Compromise
- **Network Indicators:** `testnet.archival.chain.grpc-web.injective[.]network`
- **File Indicators:** `@injectivelabs/sdk-ts` (version 1.20.21)
- **Behavioral Indicators:** Presence of a `trackKeyDerivation()` function within the SDK code that attempts outbound connections during key generation.
## Response Actions
- **Containment:** Deprecation of version 1.20.21 on the npm registry to prevent new installs.
- **Eradication:** Removal of malicious code from the main branch and release of a verified clean version (1.20.23).
- **Recovery:** Public advisory issued for users to move funds to new wallets and rotate any keys handled by the compromised package.
## Lessons Learned
- **OIDC Trust Limits:** Automated "trusted-publisher" pipelines can facilitate the rapid spread of malware if the source repository is compromised, as they bypass manual registry hurdles.
- **Maintainer Security:** Even accounts with an "established history" are high-value targets; MFA and strict commit signing are essential.
- **Blind Trust in Scoped Packages:** Developers often trust "scoped" packages (like `@injectivelabs/`) more than individual packages, which attackers can exploit to hide in plain sight.
## Recommendations
- **Rotate Credentials:** Immediately move assets to new wallets if you interacted with version 1.20.21.
- **Dependency Pinning:** Use lockfiles and audit transitive dependencies regularly.
- **Enhanced Code Review:** Implement mandatory multi-party review for all commits to core SDKs, even from trusted maintainers.
- **Monitoring:** Monitor for unusual outbound network traffic from development and production environments, specifically to unknown or look-alike endpoints.