Funds were never at risk: Injective dismisses npm package threat
The post Funds were never at risk: Injective dismisses npm package threat appeared on BitcoinEthereumNews.com. Injective has dismissed concerns that user funds were compromised after attackers planted wallet-key-stealing code in 18 of its official npm developer packages. Meanwhile, security firms warn that the attack exposed the private keys and seed phrases that passed through the software. What happened to Injective? The attack on Injective started when two malicious code changes were pushed directly to the main code branch under the name “thomasRalee” who is a real developer that had previously contributed to the project. There was no code review or pull request, which is unusual, but this gap allowed the bad code to bypass security checks. The malicious code, found by the security firm Socket, was hidden inside version 1.20.21 of @injectivelabs/sdk-ts, the TypeScript SDK that wallets, exchange front ends, and trading bots use to build on Injective. The attackers reportedly adde