ทันเอไอ

Global AI & tech news, in your language · every story source-checked

🌐Follow
← Back to news
Tools/Open-sourceRumor · unverified

Unconfirmed: Rumor of Injective SDK Package on npm Infected with Crypto Wallet-Stealing Malware

Unverified reports suggest that the Injective Software Development Kit (SDK) package on npm might have been embedded with malware by hackers to steal digital wallet data.

📅 10 Jul 2026, 03:17
Unconfirmed: Rumor of Injective SDK Package on npm Infected with Crypto Wallet-Stealing Malware

Unconfirmed reports circulating in cybersecurity circles claim that the Software Development Kit (SDK) package of Injective Labs, a blockchain protocol for finance, has been compromised by hackers. A malicious version was allegedly published on npm (Node Package Manager), a public code repository for developers, with the objective of stealing Private Keys and Mnemonic Seed Phrases from cryptocurrency wallets. However, an investigation by the "Than AI" news team has not found such reports from BleepingComputer, which was cited as the original source, or from other reputable sources. This leaves the current status of the news as an unconfirmed "rumor." Although the Injective SDK case remains unconfirmed, this type of attack, known as a Supply Chain Attack, has previously occurred multiple times with other packages on npm. For instance, dYdX had fake packages uploaded to the repository to trick developers into downloading code embedded with crypto wallet-stealing malware. The attack pattern involves hackers compromising the accounts of developers managing popular open-source projects, subtly modifying the code to implant malware, and then releasing it as a new version. When other developers incorporate this latest package version, the malware immediately activates within their projects.

Why it matters
This type of attack poses a direct threat to developers and users of crypto projects in Thailand. If developers use infected code, it could lead to the loss of user funds and damage project credibility.
#npm#cryptocurrency#ความปลอดภัยไซเบอร์#supply chain attack

Related news

เครื่องมือ/โอเพนซอร์ส
นักวิจัยเสนอ 'Plan A' ชะลอการสร้าง Superintelligence ถึงปี 2040 เรียกร้องให้เปิดเผยงานวิจัยทั้งหมด
เครื่องมือ/โอเพนซอร์ส
Meta เปิดตัว Muse Spark 1.1 โมเดล AI เขียนโค้ดตัวใหม่ ท้าชน OpenAI และ Anthropic
เครื่องมือ/โอเพนซอร์ส
เทรนด์ใหม่: Slopfix เสนอบริการลบโค้ดที่สร้างโดย AI แก้ปัญหาโค้ดฟุ่มเฟือยในองค์กร
เครื่องมือ/โอเพนซอร์ส
จีนพิจารณาจำกัดการเข้าถึงโมเดล AI ชั้นนำจากต่างประเทศ