Compromised @injectivelabs/sdk-ts exfiltrates wallet keys through fake telemetry
A critical, targeted supply chain attack has struck the decentralized finance and Web3 space via a malicious release of the @injectivelabs/sdk-ts library. Attackers successfully intercepted the package repository and embedded a highly damaging wallet-key stealer. To evade standard signature-based detection and automated scanning tools, the malicious functions were cleverly cloaked under code components labeled as routine usage telemetry. The compromise rapidly cascaded across the open-source ecosystem, actively contaminating over 17 downstream npm packages that depend on this SDK. The primary threat vector involves the unauthorized capture and immediate exfiltration of private cryptographic wallet keys and mnemonic phrases, exposing substantial institutional and retail capital to total depletion.Defending against this breach demands immediate deprecation and removal of the tainted SDK versions from all internal and production builds. Development teams must execute deep code verification on all 17 associated downstream dependencies. Because private wallet keys may have already been exfiltrated during the active compromise window, simple patching is insufficient; organizations must proactively rotate all cryptographic keys, migrate assets to entirely new, uncompromised smart contracts or hardware wallets, and review network outbound logs for telemetry anomaly spikes.If you need expert assistance in identifying compromised packages, securing your CI/CD pipelines, or conducting an emergency supply chain audit, contact Cyberlinx today to protect your development environment.
Related Articles





