SlowMist Detects Malicious Injective SDK Dependency Capable of Wallet Key Theft

1 hour ago 2 sources neutral

Key takeaways:

  • Supply chain attack on Injective SDK could hurt INJ price as developer trust falters.
  • Rising supply chain attacks may push institutions to demand certified build pipelines, slowing dApp deployment.
  • Projects using tainted Injective SDK risk hidden wallet compromises, potentially causing sudden INJ volatility.

Security researchers at SlowMist have uncovered a critical vulnerability within the Injective development ecosystem. A malicious dependency has been injected into the official Injective SDK, designed to covertly harvest wallet private keys during the compilation phase.

The compromised package operates stealthily, intercepting wallet generation functions once a developer builds the working environment. When triggered, the malicious component collects sensitive seed phrases and transmits them to servers controlled by external attackers. SlowMist emphasized that this is not a flaw in the Injective blockchain itself, but a software supply chain attack that exploits the open-source dependency pipeline.

According to the firm's report, the code is able to redirect extracted data without alerting the developer. The risk is immediate for any project or user whose wallet was built using the tainted SDK version. SlowMist urged all teams to immediately review installed dependencies and replace the affected library with verified official releases from main repositories.

The discovery adds to a worrying trend of supply chain attacks in Web3 environments, which have increased over the past year. It highlights how crucial it is for development teams to implement continuous audits and cryptographic signatures on every imported module. The incident also carries implications for institutional compliance, as corporate audit teams now face renewed pressure to enforce rigorous software integrity checks before deployment.

While no fund losses have yet been reported, the advisory serves as a stark reminder that crypto infrastructure security must begin at the earliest stages of code development. The market's ongoing shift toward institutional standards makes such supply chain integrity reviews indispensable.

Previously on the topic:
Jul 10, 2026, 9:43 p.m.
Injective Thwarts npm Supply Chain Attack, Zero Funds Compromised
Sources
Injective SDK Hack Risks Private Key Theft
thecryptoupdates.com 15.07.2026 12:03
Disclaimer

The content on this website is provided for information purposes only and does not constitute investment advice, an offer, or professional consultation. Crypto assets are high-risk and volatile — you may lose all funds. Some materials may include summaries and links to third-party sources; we are not responsible for their content or accuracy. Any decisions you make are at your own risk. Coinalertnews recommends independently verifying information and consulting with a professional before making any financial decisions based on this content.