
Attackers Backdoored Injective SDK on npm to Steal Crypto Wallet Keys
A compromised Injective Labs SDK package on npm was used to harvest private keys and seed phrases, security researchers reported.

Ada Okonkwo
Startups & VC Editor · Lagos
A software supply-chain attack targeting the developer tools of blockchain project Injective has renewed concern over the security of open-source package ecosystems that underpin much of the crypto industry, including projects and teams active across Europe.
According to reporting from BleepingComputer and Cointelegraph, attackers gained access to the GitHub repository behind the Injective Labs software development kit (SDK) and used that access to publish a malicious version of the package on the Node Package Manager, commonly known as npm. The tampered package was designed to steal cryptocurrency wallet private keys and mnemonic seed phrases from affected environments.
Keep reading
OpenMandriva Reports Attempted Internal Sabotage by Contributor
The OpenMandriva Linux project says it faced an attempted act of internal sabotage following a dispute among its contributors.
One newsletter, two continents
The Bridge brings you the tech, startups, and leaders moving between Africa and Europe — one sharp email each morning. No spam, unsubscribe anytime.









