Crypto software wallets at risk following supply chain attack
|- Ledger CTO Charles Guillemet warned of a large-scale supply chain attack that could affect software crypto wallets.
- The warning follows reports of a reputable developer's NPM account being compromised.
- Guillemet cautioned against performing on-chain transactions.
Charles Guillemet, Chief Technology Officer at Ledger, warned on Monday of a large-scale supply chain attack targeting crypto software wallets after the Node Package Manager (NPM) account of open-source developer qix was compromised.
Software wallets could face attacks from NPM breach
Crypto software wallets could be vulnerable to malicious attacks when performing transactions, said Guillemet in an X post on Monday.
Guillemet noted that a major supply chain attack has been underway after reputable developer qix's NPM account was compromised.
A supply chain attack targets a third-party vendor that provides services or software essential to the supply chain.
The hacked NPM was reportedly used to distribute malware designed to scan and exploit crypto wallets. Once crypto is detected, the malware alters the code responsible for signing transactions and redirects funds to addresses controlled by its creators.
"The malicious payload works by silently swapping crypto addresses on the fly to steal funds," wrote Guillemet.
NPM serves as a central registry and library for JavaScript software packages, offering command-line tools that allow developers to install and manage packages. NPM is largely used on open-source platforms and is a core part of the JavaScript ecosystem, widely relied upon for sharing and distributing code.
Guillemet added that the packages involved had been downloaded more than a billion times.
He noted that the malware poses a greater risk to software wallet users than to those with hardware wallets, urging the former to avoid making on-chain transactions.
"If you use a hardware wallet, pay attention to every transaction before signing and you're safe. If you don't use a hardware wallet, refrain from making any on-chain transactions for now," Guillemet added.
The development sparked concerns among crypto developers about the potential impact of the attacks on crypto wallets.
DefiLlama developer and pseudonymous figure Oxngmi stated on X that the supply-chain attack can only affect websites that "pushed an update since the hacked NPM package was published."
He reiterated Guillemet's view, stating that it is "safer to avoid using crypto websites till this blows over and they clean up the bad packages."
However, several top crypto platforms, including MetaMask wallet, Uniswap, Aave and Jupiter have stated that their systems are unaffected by the developments.
Meanwhile, Switzerland-based crypto exchange SwissBorg suffered an attack in which hackers stole 193,000 SOL, worth about $41.5 million at the time. The exchange stated that the attack involved the compromise of a partner API in its SOL Earn Program, affecting less than 1% of users.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.