A large-scale supply chain attack exposed numerous crypto wallets to risk this week, according to an executive at the hardware wallet firm Ledger.
Charles Guillemet, Ledger’s chief technology officer (CTO), notes that the attack failed with almost no victims, but he cautions that the threat remains.
“It began with a phishing email from a fake npm support domain that stole credentials and gave attackers access to publish malicious package updates. The injected code targeted web crypto activity, hooking into Ethereum, Solana and other chains to hijack transactions, and replacing wallet addresses directly in network responses.
The attackers’ mistakes caused crashes in CI/CD pipelines, which led to early detection and limited impact. Still, this is a clear reminder: if your funds sit in a software wallet or on an exchange, you’re one code execution away from losing everything. Supply chain compromises remain a powerful malware delivery vector, and we’re also seeing more targeted attacks emerge.
Hardware wallets are built to withstand these threats. Features like Clear Signing let you confirm exactly what’s happening, and Transaction Checks flag suspicious activity before it’s too late.”
Clear signing is designed to provide clear transaction intent and human-readable transaction fields that enable users to receive a clear indication of which approvals they are granting, according to Ledger’s website.
Follow us on X, Facebook and TelegramGenerated Image: Midjourney