Compromised Injective SDK sends wallet keys through fake telemetry

A malicious update to an Injective developer package has exposed private keys and seed phrases after being downloaded more than 300 times, Socket has found. According to security firm Socket, version 1.20.21 of the @injectivelabs/sdk-ts npm package, which has about…