Rankiteo Logo
Rankiteo
Leader in Cyber Underwriting
Loading...
NEWRankiteo Cyber Underwriting Desktop - Score, price, and bind from your desktop
WindowsmacOSLinux
Download
Injective Labs

Injective Labs Vendor Cyber Rating & Cyber Score

injectivelabs.org

Injective Labs is a research and development company focused on creating unmatched Web3 infrastructure and finance solutions. It is one of the core contributors to Injective.


Injective Labs A.I CyberSecurity Scoring

Injective Labs
Company Information
Website:https://www.injectivelabs.org/
Employees number:31
Number of followers:785
NAICS:5112
Industry Type:Software Development
Homepage:injectivelabs.org
Injective Labs Risk Score (AI oriented)
Between 650 and 699
logo
Injective LabsSoftware Development
Updated:
10/07/2026
688/1000
Weak
B
AaaAaABaaBaBCaaCaC
Powered by our proprietary A.I cyber incident model
Insurance prefers TPRM score to calculate premium
Injective Labs Global Score (TPRM)
xxxx
logo
Injective LabsSoftware Development
•••
Score locked
Instant access to detailed risk factors
Vulnerabilities
Benchmark vs. industry & size peers
Findings

Injective Labs
Injective LabsWeak
Current Score
688B (WEAK)
01000
1 incidents
-63 avg impact
Incident timeline with MITRE ATT&CK tactics, techniques, and mitigations.
JULY 2026
751Before Incident
Breach
10 Jul 2026Injective Labs
Injective Labs and Injective Protocol: Injective Labs’ npm SDK Poisoned to Steal Crypto Wallet Credentials

Injective Labs npm SDK Compromised in Supply Chain Attack Targeting Crypto Wallets

688After Incident
CRITICAL-63
INJ1783693487
Injective Labs npm SDK Compromised in Supply Chain Attack Targeting Crypto Wallets Attackers breached Injective Labs’ official source code repository, injecting malicious code into the company’s npm SDK packages a trusted developer toolkit used by blockchain and DeFi application builders on the Injective Protocol. The compromised packages, distributed through the legitimate repository, contained credential-stealing malware designed to exfiltrate cryptocurrency wallet seed phrases and private keys directly from developers’ environments. Unlike typosquatting or lookalike attacks, this was a repository-level compromise, meaning even developers who verified package authenticity checking publisher identity, download sources, and provenance unwittingly installed the tainted SDK. Standard supply chain security practices, such as confirming package origins, offered no protection, as the official source itself was compromised. The attack specifically targeted BIP-39 mnemonic seed phrases, which grant irreversible access to all wallet addresses derived from them. Once stolen, these phrases allow attackers to drain funds from every associated wallet, with no revocation mechanism available. The malware also sought private keys and credentials stored in developers’ environments, amplifying the risk for those working with production wallets. The Injective Protocol’s DeFi-focused ecosystem made its developers prime targets. Unlike traditional software development, DeFi builders often test integrations against live blockchains, requiring real wallet credentials in their environments. This operational reality meant the compromised SDK had access to high-value production wallets, not just test accounts with minimal balances. The incident highlights a critical gap in supply chain security: verifying package authenticity is insufficient when the official repository is breached. Previous attacks, such as fake Paysafe or Skrill SDK campaigns, relied on deception to trick developers into installing counterfeit packages. In contrast, the Injective breach exploited trust in the legitimate source, bypassing identity-based defenses entirely. Developers who installed or updated the affected npm packages during the compromise window were advised to treat all credentials in their environments as compromised. This included migrating funds to new wallets, rotating API keys, and auditing production systems for exposed credentials. Official disclosure materials from Injective Labs provided details on the affected packages, versions, and the exact exposure period.
INCIDENT DETAILS -
TYPE
Supply Chain Attack
MOTIVATION
Financial gain (cryptocurrency theft)
IMPACT
Data Compromised: Cryptocurrency wallet seed phrases, private keys, credentialsSystems Affected: Developers' environments, production walletsOperational Impact: Developers advised to migrate funds to new wallets, rotate API keys, and audit production systemsBrand Reputation Impact: Exploitation of trust in official repositoryIdentity Theft Risk: High (irreversible access to wallet addresses)Payment Information Risk: High (private keys and seed phrases compromised)
DATA BREACH
Cryptocurrency wallet seed phrasesPrivate keysCredentialsSensitivity Of Data: High (BIP-39 mnemonic seed phrases, private keys)Data Exfiltration: Yes (malware designed to exfiltrate data)Personally Identifiable Information: Wallet seed phrases and private keys (linked to cryptocurrency holdings)
JUNE 2026
751Before Incident
MAY 2026
751Before Incident
APRIL 2026
751Before Incident
MARCH 2026
751Before Incident
FEBRUARY 2026
751Before Incident
JANUARY 2026
751Before Incident
DECEMBER 2025
751Before Incident
NOVEMBER 2025
751Before Incident
OCTOBER 2025
751Before Incident
SEPTEMBER 2025
751Before Incident
AUGUST 2025
751Before Incident

Frequently Asked Questions

?
What is the current A.I Rankiteo Cyber Score for Injective Labs ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in June 2026 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in May 2026 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in April 2026 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in March 2026 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in February 2026 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in January 2026 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in December 2025 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in November 2025 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in October 2025 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in September 2025 ?
?
What was Injective Labs's A.I Rankiteo Cyber Score in August 2025 ?
?
What is the average per-incident point impact on Injective Labs's A.I Rankiteo Cyber Score over the past 12 months ?
?
Where can I access detailed records of all cyber incidents associated with Injective Labs ?
?
Where can I find a summary of the A.I Rankiteo Risk Scoring methodology ?
?
Where can I view Injective Labs's profile page on Rankiteo ?
?
How accurate is the A.I Rankiteo Risk Scoring methodology ?