AI Security AI安全 3h ago Updated 2h ago 更新于 2小时前 49

Injective Labs GitHub Compromise Pushes Wallet-Key-Stealing npm Packages Injective Labs GitHub遭入侵,推送窃取钱包密钥的npm恶意包

Threat actors compromised the Injective Labs SDK GitHub repository, injecting malicious code into version 1.20.21 to steal cryptocurrency wallet private keys and mnemonic seed phrases. The attack leveraged a trusted maintainer's identity ("thomasRalee") and the repository's OIDC pipeline to publish the malicious package, which spread to 17 dependent scoped packages. The malware disguised key exfiltration as anonymous telemetry via a "trackKeyDerivation()" function, sending sensitive data to an e Injective Labs GitHub仓库遭入侵,攻击者利用受信任维护者账号发布恶意npm包窃取加密货币私钥和助记词。 恶意代码伪装成遥测功能,在密钥派生时通过`trackKeyDerivation()`函数收集敏感数据并发送至外部服务器。 攻击波及17个相关Scoped包,利用依赖传递性影响未直接安装该SDK的开发者,隐蔽性强。 恶意版本已通过OIDC流水线发布,目前官方已下架旧版本并推出修复版1.20.23,建议用户立即更新并轮换密钥。

75
Hot 热度
70
Quality 质量
65
Impact 影响力

Analysis 深度分析

TL;DR

  • Threat actors compromised the Injective Labs SDK GitHub repository, injecting malicious code into version 1.20.21 to steal cryptocurrency wallet private keys and mnemonic seed phrases.
  • The attack leveraged a trusted maintainer's identity ("thomasRalee") and the repository's OIDC pipeline to publish the malicious package, which spread to 17 dependent scoped packages.
  • The malware disguised key exfiltration as anonymous telemetry via a "trackKeyDerivation()" function, sending sensitive data to an external server while avoiding detection by bypassing installation lifecycle scripts.
  • Immediate remediation requires updating to version 1.20.23, rotating all compromised keys, and auditing transitive dependencies for similar supply chain vulnerabilities.

Why It Matters

This incident highlights the critical vulnerability of open-source software supply chains, demonstrating how compromising a single maintainer account can cascade into widespread theft of cryptographic assets across numerous dependent projects. It serves as a stark warning to developers and organizations relying on third-party libraries to implement rigorous verification processes for package integrity and maintainer identities.

Technical Details

  • Attack Vector: The malicious code was introduced via commits from a compromised account of an established contributor, utilizing the project's trusted-publisher (OIDC) CI/CD pipeline to automate the release process.
  • Malware Mechanism: The payload modified legitimate key generation functions by invoking a fake telemetry function named trackKeyDerivation(). This function collected hard-coded markers and sensitive derivation parameters under the guise of optimizing SDK performance.
  • Exfiltration Strategy: To evade detection, the malware avoided npm lifecycle scripts (like preinstall) and instead triggered upon library usage. It queued key derivation data over a two-second window and transmitted it via a single HTTPS POST request to testnet.archival.chain.grpc-web.injective[.]network.
  • Scope of Impact: The malicious SDK version (1.20.21) was pinned by 17 additional @injectivelabs scoped packages, including various wallet modules (e.g., wallet-cosmos, wallet-evm), exposing transitive users who did not directly install the compromised package.

Industry Insight

  • Supply Chain Vigilance: Organizations must move beyond simple dependency checks and implement strict verification of package provenance, particularly for high-value targets like crypto infrastructure. Regular audits of maintainer activity and CI/CD pipeline configurations are essential.
  • Zero Trust for Dependencies: Developers should assume that popular open-source packages may be compromised. Implementing software bill of materials (SBOM) analysis and runtime monitoring for anomalous network calls from libraries can help detect such intrusions early.
  • Incident Response Protocols: Immediate rotation of credentials and keys is non-negotiable upon discovery of a supply chain breach. Companies should have predefined playbooks for identifying and isolating affected services when a trusted library is compromised.

TL;DR

  • Injective Labs GitHub仓库遭入侵,攻击者利用受信任维护者账号发布恶意npm包窃取加密货币私钥和助记词。
  • 恶意代码伪装成遥测功能,在密钥派生时通过trackKeyDerivation()函数收集敏感数据并发送至外部服务器。
  • 攻击波及17个相关Scoped包,利用依赖传递性影响未直接安装该SDK的开发者,隐蔽性强。
  • 恶意版本已通过OIDC流水线发布,目前官方已下架旧版本并推出修复版1.20.23,建议用户立即更新并轮换密钥。

为什么值得看

此次事件揭示了软件供应链攻击的新变种,即通过劫持受信任维护者身份并利用CI/CD自动化流程(如OIDC)发布恶意代码,极大增加了检测难度。对于AI及区块链开发者而言,这强调了在集成第三方开源库时进行深度安全审计和依赖隔离的重要性,特别是在处理高价值资产(如加密钱包)的场景下。

技术解析

  • 攻击向量与传播:攻击者控制了名为“thomasRalee”的受信任维护者GitHub账号,通过仓库自带的trusted-publisher (OIDC) CI/CD流水线发布了恶意版本@injectivelabs/sdk-ts@1.20.21。该恶意版本被17个其他@injectivelabs scoped包(如utils, networks, wallet-base等)依赖并锁定,导致间接依赖这些包的开发者也中招。
  • 恶意逻辑实现:恶意代码未使用生命周期脚本(如install hooks),而是嵌入在正常库功能中,仅在开发者调用密钥生成逻辑时触发。它修改了合法的密钥派生函数,以“收集匿名使用指标以优化SDK性能”为名,调用trackKeyDerivation()
  • 数据窃取机制:该函数捕获用于生成私钥的参数(包括硬编码的方法标记和实际敏感信息),足以让攻击者在服务端重构私钥。为了降低被防火墙或监控发现的概率,恶意软件将两秒内收集的多个密钥派生请求合并,通过单个HTTPS POST请求发送到外部服务器testnet.archival.chain.grpc-web.injective.network
  • 缓解措施:官方已将恶意版本标记为deprecated,并发布了干净版本1.20.23。受影响用户需更新包,并将所有经过该库处理的私钥或助记词视为泄露,立即轮换。

行业启示

  • 强化CI/CD与发布管道安全:仅依靠代码审查不足以防范供应链攻击,必须严格限制CI/CD流水线(特别是OIDC等自动发布机制)的权限,实施多因素认证和异常提交行为监控,防止受信任账号被滥用。
  • 最小权限与依赖隔离:开发者应警惕大型生态系统中子包的连锁风险。建议在构建环境中锁定依赖版本,定期扫描transitive dependencies(传递依赖),并对涉及敏感操作(如密钥管理)的库进行独立沙箱测试或代码审计。
  • 建立快速响应与密钥轮换文化:一旦确认第三方组件被污染,必须假设所有通过该组件处理过的敏感数据均已泄露。组织应预先制定密钥轮换预案,确保在遭遇供应链攻击时能迅速切断损失,而非仅依赖补丁更新。

Disclaimer: The above content is generated by AI and is for reference only. 免责声明:以上内容由 AI 生成,仅供参考。

Open Source 开源 Security 安全