Unknown threat actors compromised the Injective Labs SDK project’s GitHub repository and leveraged it to publish a malicious package on the npm registry to steal cryptocurrency wallet private keys and mnemonic seed phrases.

The compromised version, @injectivelabs/[email protected], came embedded with fake telemetry functionality that exfiltrated data from cryptocurrency wallets. The version was…

Read the rest of the story at Read More

Source: The Hacker News

Related posts

Leave a Comment