Threat IntelligencePoisoned Injective SDK on npm quietly stole crypto wallet keys for hours
A hijacked contributor account on GitHub pushed a booby-trapped version of a popular blockchain toolkit, siphoning seed phrases from any developer who ran the wrong function.