
Hackers backdoor Injective npm package for wallet keys
A compromised GitHub maintainer account allowed attackers to push malicious code to the Injective TypeScript SDK on July 8, 2026, targeting wallet private keys. The poisoned version 1.20.21 of @inject








