Svmuu News: According to Socket’s monitoring, the Injective blockchain npm package @injectivelabs/sdk-ts was maliciously modified. Attackers compromised the developer’s GitHub account to inject malicious code designed to steal wallet private keys and mnemonic phrases, then encoded the stolen data and sent it to an address masquerading as a legitimate Injective network server. The package receives approximately 50,000 downloads per week. The malicious version 1.20.21 began showing suspicious commits on June 8 and has been locked into 17 other packages within the Injective Labs npm scope; users who have not directly installed this SDK may also be affected.