買幣
行情
現貨
合約
理財
活動
更多
reward-center新手專區
資訊首頁快訊詳情
Injective npm Package Subject to Malicious Modification, Hacker Attempts to Steal Wallet Private Key and Mnemonic
  • INJ0%

BlockBeats News, July 10th, according to Socket monitoring, the Injective blockchain npm package @injectivelabs/sdk-ts was maliciously modified. The attacker compromised a developer's GitHub account to inject malicious code designed to steal wallet private keys and mnemonic phrases. The stolen data was then encoded and sent to an address disguised as a legitimate Injective network server.

The package had around 50,000 weekly downloads. The malicious version 1.20.21 showed suspicious commits starting on June 8th and was locked in 17 other packages within the Injective Labs npm scope. Users who did not directly install this SDK may also be affected.

來源:BlockBeats

免責聲明:當前內容均來自第三方觀點或由AI直接翻譯第三方觀點,CoinEx不保證內容的真實性、準確性和原創性,不構成CoinEx相關的任何投資建議。數字資產價格波動劇烈,請注意潛在風險。

熱搜榜
  • 幣種
    價格
    24H漲跌