Breach404
Back to Insights
Cybersecurity2 min readJuly 10, 2026

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

Attackers compromised Injective Labs' GitHub account and published malicious npm packages designed to steal cryptocurrency wallet private keys from developers who installed them. Organizations using npm dependencies should immediately audit their supply c

Could your website be vulnerable to attacks like this?

Run a free 10-point security scan on your site — headers, SSL, DNS, and more. Results in 15 seconds.

Test Your Site Now — It's Free