Injective Labs SDK project GitHub repository hit by network compromise
Incident
Summary
Hide ▲
Show ▼
The Injective Labs SDK project suffered a GitHub repository compromise that let attackers publish a malicious @injectivelabs/sdk-ts v1.20.21 package, putting developers' wallet secrets at risk. The compromised release was tied to suspicious activity on June 8 and could steal private keys and mnemonic seed phrases from systems that used the SDK. A clean v1.20.23 release followed, but the malicious package had already been downloaded 310 times before deprecation.
Related Happenings
Mastra @mastra/* npm packages hit by network compromise
Incident
H score47
First: 17.06.2026 10:38
Last: 17.06.2026 10:38
Sources 1
About this happening:
**Mastra** @mastra/* npm packages were **compromised** in a **software supply chain attack** that spread through the namespace on **2026-06-17**. Microsoft now attributes the acti...
Mastra @mastra/* npm packages hit by network compromise
IncidentAbout this happening: **Mastra** @mastra/* npm packages were **compromised** in a **software supply chain attack** that spread through the namespace on **2026-06-17**. Microsoft now attributes the acti...
Latest development: 20.06.2026 17:09
Microsoft attributed the Mastra AI supply chain attack to Sapphire Sleet, also known as BlueNoroff, and said the attackers compromised the npm maintainer account ehindero, which had publishing privileges across the Mastra package environment. The June 19 update said more than 140 packages in the @mastra scope were modified to inject easy-day-js.
Easy-day-js Mastra package-publishing campaign
Campaign
H score30
First: 17.06.2026 10:38
Last: 17.06.2026 10:38
Sources 1
About this happening:
The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...
Easy-day-js Mastra package-publishing campaign
CampaignAbout this happening: The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...
Miasma software supply chain campaign expands to new PyPI wave
Campaign
H score29
First: 09.06.2026 19:34
Last: 09.06.2026 19:34
Sources 1
About this happening:
The **Miasma** supply-chain campaign has expanded into a new **PyPI** wave, increasing the risk that developers and downstream users will ingest **information-stealing malware** t...
Miasma software supply chain campaign expands to new PyPI wave
CampaignAbout this happening: The **Miasma** supply-chain campaign has expanded into a new **PyPI** wave, increasing the risk that developers and downstream users will ingest **information-stealing malware** t...
IronWorm npm supply-chain infection and self-propagation
Malware Activity
H score15
First: 04.06.2026 18:25
Last: 04.06.2026 18:25
Sources 1
About this happening:
**IronWorm** is a **Rust** infostealer in a **npm supply-chain** activity that hides behind an **eBPF kernel rootkit**, communicates over **Tor**, and targets **86 environment var...
IronWorm npm supply-chain infection and self-propagation
Malware ActivityAbout this happening: **IronWorm** is a **Rust** infostealer in a **npm supply-chain** activity that hides behind an **eBPF kernel rootkit**, communicates over **Tor**, and targets **86 environment var...
Asteroiddao hit by network compromise
Incident
H score13
First: 04.06.2026 18:25
Last: 04.06.2026 18:25
Sources 1
About this happening:
**asteroiddao** suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider **supply-chain attack**. The account was used t...
Asteroiddao hit by network compromise
IncidentAbout this happening: **asteroiddao** suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider **supply-chain attack**. The account was used t...
Timeline
-
09.07.2026 23:10 1 articles · 3h ago
Compromised contributor account publishes malicious @injectivelabs/sdk-ts v1.20.21
Untyped PhaseA GitHub account belonging to a legitimate Injective Labs contributor was compromised, first suspicious commits appeared on June 8, and @injectivelabs/sdk-ts v1.20.21 was published shortly afterward on npm with code that stole cryptocurrency wallet private keys and mnemonic seed phrases.
Show sources
- Injective SDK on npm infected with cryptocurrency wallet stealer — www.bleepingcomputer.com — 09.07.2026 23:10
-
09.07.2026 23:10 2 articles · 3h ago
Security companies detect wallet-stealing @injectivelabs/sdk-ts supply-chain attack
Initial DisclosureSocket, Ox Security, and StepSecurity detected the supply-chain attack in @injectivelabs/sdk-ts v1.20.21 on July 9, 2026, reporting that the malicious package stole cryptocurrency wallet private keys and mnemonic seed phrases, was downloaded 310 times before deprecation, and was followed by a clean 1.20.23 release after the compromise was reverted.
Show sources
- Injective SDK on npm infected with cryptocurrency wallet stealer — www.bleepingcomputer.com — 09.07.2026 23:10
- Injective SDK on npm infected with cryptocurrency wallet stealer — www.bleepingcomputer.com — 09.07.2026 23:10