Find notable cyber news and cases, enriched with sources, timelines, and signals.

Injective Labs SDK project GitHub repository hit by network compromise

Incident
First reported
Last updated
Happening score
H score 21
1 unique sources, 1 articles

Summary

Hide ▲

The Injective Labs SDK project suffered a GitHub repository compromise that let attackers publish a malicious @injectivelabs/sdk-ts v1.20.21 package, putting developers' wallet secrets at risk. The compromised release was tied to suspicious activity on June 8 and could steal private keys and mnemonic seed phrases from systems that used the SDK. A clean v1.20.23 release followed, but the malicious package had already been downloaded 310 times before deprecation.

Related Happenings

Mastra @mastra/* npm packages hit by network compromise

Incident
H score47 First: 17.06.2026 10:38 Last: 17.06.2026 10:38 Sources 1

About this happening: **Mastra** @mastra/* npm packages were **compromised** in a **software supply chain attack** that spread through the namespace on **2026-06-17**. Microsoft now attributes the acti...

Latest development: 20.06.2026 17:09

Microsoft attributed the Mastra AI supply chain attack to Sapphire Sleet, also known as BlueNoroff, and said the attackers compromised the npm maintainer account ehindero, which had publishing privileges across the Mastra package environment. The June 19 update said more than 140 packages in the @mastra scope were modified to inject easy-day-js.

Easy-day-js Mastra package-publishing campaign

Campaign
H score30 First: 17.06.2026 10:38 Last: 17.06.2026 10:38 Sources 1

About this happening: The **easy-day-js** campaign mass-published more than **140 malicious npm packages** across the **@mastra/*** namespace, creating broad supply-chain exposure for developers and bu...

Miasma software supply chain campaign expands to new PyPI wave

Campaign
H score29 First: 09.06.2026 19:34 Last: 09.06.2026 19:34 Sources 1

About this happening: The **Miasma** supply-chain campaign has expanded into a new **PyPI** wave, increasing the risk that developers and downstream users will ingest **information-stealing malware** t...

IronWorm npm supply-chain infection and self-propagation

Malware Activity
H score15 First: 04.06.2026 18:25 Last: 04.06.2026 18:25 Sources 1

About this happening: **IronWorm** is a **Rust** infostealer in a **npm supply-chain** activity that hides behind an **eBPF kernel rootkit**, communicates over **Tor**, and targets **86 environment var...

Asteroiddao hit by network compromise

Incident
H score13 First: 04.06.2026 18:25 Last: 04.06.2026 18:25 Sources 1

About this happening: **asteroiddao** suffered a compromised-account incident that let malicious npm package versions and repository commits seed a wider **supply-chain attack**. The account was used t...

Timeline

  1. 09.07.2026 23:10 1 articles · 3h ago

    Compromised contributor account publishes malicious @injectivelabs/sdk-ts v1.20.21

    Untyped Phase

    A GitHub account belonging to a legitimate Injective Labs contributor was compromised, first suspicious commits appeared on June 8, and @injectivelabs/sdk-ts v1.20.21 was published shortly afterward on npm with code that stole cryptocurrency wallet private keys and mnemonic seed phrases.

    Show sources
  2. 09.07.2026 23:10 2 articles · 3h ago

    Security companies detect wallet-stealing @injectivelabs/sdk-ts supply-chain attack

    Initial Disclosure

    Socket, Ox Security, and StepSecurity detected the supply-chain attack in @injectivelabs/sdk-ts v1.20.21 on July 9, 2026, reporting that the malicious package stole cryptocurrency wallet private keys and mnemonic seed phrases, was downloaded 310 times before deprecation, and was followed by a clean 1.20.23 release after the compromise was reverted.

    Show sources