Hackers attempted to backdoor an Injective npm package with malware designed to steal wallet keys, according to Cointelegraph, citing findings from Socket researchers. The reported compromise targeted software used in development workflows tied to Injective wallets.
The development is significant because npm packages can sit inside the code paths used by applications and developer tools. For crypto projects, a compromised package can create risk for teams building wallet-related features, especially where private keys or signing flows are involved.
Socket researchers said the incident is particularly relevant for developers and applications that handle Injective wallet workflows. That makes the issue less about a broad market move and more about software supply-chain security in crypto infrastructure.
The case is another reminder that crypto security risks are not limited to smart contracts, exchanges, or phishing campaigns. Developer dependencies can also become attack surfaces when malicious code is inserted into packages relied on by applications.
Cointelegraph’s report did not provide additional market impact details in the supplied material. The core takeaway is that teams using Injective-related npm tooling should treat package integrity and dependency review as part of their wallet security process.