Guavy AI Editorial TeamSentiment: 4Clout: 40

Injective Foils Npm Supply Chain Attack with No User Funds at Risk

Injective has contained an npm supply chain attack that threatened its packages, but fortunately, no user funds were at risk or compromised. The project's internal monitoring detected the issue before any affected package version was downloaded, allowing for swift action to be taken.

The team removed the affected versions and released a clean replacement package, ensuring that developers using Injective's SDK were not exposed through that package. The malicious package recorded zero downloads before it was deprecated, further supporting the project's claim that no user funds were exposed.

Injective has emphasized its commitment to security, citing the incident as an example of the growing risks from software supply chain attacks in the crypto space. The project's response prevented user exposure before the issue reached production use, demonstrating its proactive approach to safeguarding its users' assets.