
Fake Cryptocurrency Software Update Could Steal Your Digital Wallet
A compromised software package was designed to steal cryptocurrency wallet keys. If you use Injective Labs tools, check your version immediately.
Source
The Hacker News
Original headline: Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages
Plain-English summary by GetCyberRight. Read the full report at the source above.
Hackers broke into the Injective Labs software development system and released a fake version of their cryptocurrency software. This malicious version, labeled 1.20.21, was designed to secretly steal private keys and recovery phrases from cryptocurrency wallets. These are like the passwords and backup codes that give you access to your digital money. This affects people who use Injective Labs SDK tools for cryptocurrency trading or investing. If you downloaded or updated to version 1.20.21 of the @injectivelabs/sdk-ts package, your wallet information may have been stolen. The fake software pretended to collect routine usage data but was actually sending your wallet credentials to criminals.
If you use Injective Labs software, take these steps immediately:
- Check which version of the Injective Labs SDK you have installed. If it is version 1.20.21, assume your wallet keys are compromised.
- Move all cryptocurrency from any wallets that were accessible while this version was installed to completely new wallets with new keys.
- Never reuse the old wallet addresses or recovery phrases, as criminals may already have them.
- Update to a clean, verified version of the software from the official Injective Labs source. For long-term protection with cryptocurrency, only download software directly from official sources. Enable all available security features on your crypto accounts. Consider using hardware wallets for large amounts, as they keep your keys offline where hackers cannot reach them. Always verify software updates are legitimate before installing them, especially for anything that handles your money.
Curated from trusted cybersecurity sources by GetCyberRight
Source: The Hacker NewsStay ahead of cyber threats
Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.
More articles

Government Cybersecurity Agency Accidentally Exposed Its Own Passwords Online
CISA, the agency responsible for protecting government computer systems, had employee passwords accidentally posted publicly on GitHub by a contractor.
2 min read
CISA Contractor Accidentally Exposed Passwords in Public Online Repository
An employee of a contractor working for the U.S. cybersecurity agency CISA accidentally uploaded passwords to a publicly accessible location on GitHub.
2 min readWhy Firmware Attacks Now Threaten Your Smart Home Devices
Six newly discovered vulnerabilities in common device firmware let attackers hide malware where your antivirus can't see it. Here's what families need to know.
3 min readRyuk Ransomware Criminal Faces 15 Years: What Families Need to Know
An Armenian hacker pleaded guilty to ransomware attacks on U.S. businesses. His arrest proves cybercriminals can be caught and prosecuted.
3 min read