Socket found a compromised Injective npm package stealing wallet keys amid rising crypto supply chain attacks.