Cryptocurrency
Injective Labs' @injectivelabs/sdk-ts npm Package Backdoored to Steal Wallet Private Keys
A compromised release of Injective Labs' TypeScript SDK, @injectivelabs/sdk-ts, and 17 dependent packages hooked wallet key-derivation functions to exfiltrate mnemonic seed phrases and private keys to an endpoint disguised as legitimate Injective infrastructure.