Skip to main content
    Fake Cryptocurrency Software Update Could Steal Your Digital Wallet
    Cybersecurity
    2 min read

    Fake Cryptocurrency Software Update Could Steal Your Digital Wallet

    A compromised software package was designed to steal cryptocurrency wallet keys. If you use Injective Labs tools, check your version immediately.

    Source

    The Hacker News

    Original headline: Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages

    Plain-English summary by GetCyberRight. Read the full report at the source above.

    Published Friday, July 10, 2026Updated Saturday, July 11, 20262 min read
    Share:

    Hackers broke into the Injective Labs software development system and released a fake version of their cryptocurrency software. This malicious version, labeled 1.20.21, was designed to secretly steal private keys and recovery phrases from cryptocurrency wallets. These are like the passwords and backup codes that give you access to your digital money. This affects people who use Injective Labs SDK tools for cryptocurrency trading or investing. If you downloaded or updated to version 1.20.21 of the @injectivelabs/sdk-ts package, your wallet information may have been stolen. The fake software pretended to collect routine usage data but was actually sending your wallet credentials to criminals.

    If you use Injective Labs software, take these steps immediately:

    1. Check which version of the Injective Labs SDK you have installed. If it is version 1.20.21, assume your wallet keys are compromised.
    2. Move all cryptocurrency from any wallets that were accessible while this version was installed to completely new wallets with new keys.
    3. Never reuse the old wallet addresses or recovery phrases, as criminals may already have them.
    4. Update to a clean, verified version of the software from the official Injective Labs source. For long-term protection with cryptocurrency, only download software directly from official sources. Enable all available security features on your crypto accounts. Consider using hardware wallets for large amounts, as they keep your keys offline where hackers cannot reach them. Always verify software updates are legitimate before installing them, especially for anything that handles your money.

    Protect Yourself

    Use our GCR Data Shield to check if you're affected and take action.

    Found this useful?

    Share it with someone who could use a heads-up.

    Share:

    Curated from trusted cybersecurity sources by GetCyberRight

    Source: The Hacker News

    Discussion

    0

    Sign in to join the discussion.

    Stay ahead of cyber threats

    Get our free weekly digest. Real threats, plain language, what to do about them. No spam, ever.