Injective (INJ) announced via X that it detected and immediately blocked a hacking attempt targeting its npm package, with no user fund damage. This follows earlier reports from some media outlets suggesting the possibility of the Injective npm package being hacked. Injective stated, "Our security monitoring system immediately detected the issue, discarded the affected package version before download, and replaced it with a new one. Consequently, not a single malicious package download occurred, and there was no risk to user funds." It further emphasized, "Since the mainnet launch approximately five years ago, there has never been a single instance of a vulnerability being exploited on-chain."