Socket Identifies Malicious Version of Injective SDK in npm

In Crypto Regulations
July 10, 2026

Socket Identifies Malicious Version of Injective SDK in npm

Researchers at Socket discovered a compromised version of the Injective SDK npm package, version 1.20.21, which intercepted wallet seed phrases and private keys.

The incident is linked to the compromise of a developer’s GitHub account. According to Socket, suspicious commits appeared on June 8, 2026.

The malicious release altered key derivation functions, stored private keys and seed phrases, and then sent them via fake telemetry to an address disguised as an Injective server.

Socket also detected version 1.20.21 in 17 other packages within the Injective Labs namespace on npm. This could have affected users who did not install the SDK directly.

Researchers advised treating any keys and seed phrases processed through the affected packages as compromised. According to Socket, the malicious version was downloaded at least 300 times. The hacker attack had not been fully contained at the time of publication.

Injective CEO Eric Chen stated that the issue has been resolved and the affected versions on npm have been marked as deprecated. He assured that funds on the network are not at risk. Socket did not report any confirmed theft of funds.

In July, CertiK analysts reported that wallet compromises were the most costly attack vector in the first half of 2026, with losses amounting to $444.5 million across 33 incidents.

Avatar photo
/ Published posts: 719

Steven M. Crimmins is a cryptocurrency strategist and freelance writer who has followed the blockchain industry since Bitcoin’s early days. Known for his sharp analysis of altcoins and trading strategies, Steven provides Satoshi News Africa readers with market-focused content grounded in research. He is especially interested in how African traders are adopting crypto as an alternative to traditional markets. Steven is also a podcast host, where he discusses emerging technologies and investment trends.