Injective: Malicious npm Package Downloaded Zero Times, User Funds Unaffected
CoinFeed reported on July 11 that Injective stated on X platform that in response to the npm package security incident reported by some media, its security monitoring system immediately detected and handled the issue upon occurrence. The affected version was deprecated and replaced before it could be downloaded, resulting in the actual download count of the malicious package being zero, and user funds were unaffected. Injective stated that its npm SDK is one of the most widely used development toolkits in the crypto industry, and this incident also validated the effectiveness of its security response procedures. Since the mainnet launch nearly five years ago, no vulnerability on the Injective chain has ever been successfully exploited. Previously, security firm Socket reported that hackers attempted to implant a backdoor in the Injective npm package to steal wallet keys.