|

Crypto software wallets at risk following supply chain attack

  • Ledger CTO Charles Guillemet warned of a large-scale supply chain attack that could affect software crypto wallets.
  • The warning follows reports of a reputable developer's NPM account being compromised.
  • Guillemet cautioned against performing on-chain transactions.

Charles Guillemet, Chief Technology Officer at Ledger, warned on Monday of a large-scale supply chain attack targeting crypto software wallets after the Node Package Manager (NPM) account of open-source developer qix was compromised.

Software wallets could face attacks from NPM breach

Crypto software wallets could be vulnerable to malicious attacks when performing transactions, said Guillemet in an X post on Monday.

Guillemet noted that a major supply chain attack has been underway after reputable developer qix's NPM account was compromised.

A supply chain attack targets a third-party vendor that provides services or software essential to the supply chain.

The hacked NPM was reportedly used to distribute malware designed to scan and exploit crypto wallets. Once crypto is detected, the malware alters the code responsible for signing transactions and redirects funds to addresses controlled by its creators.

"The malicious payload works by silently swapping crypto addresses on the fly to steal funds," wrote Guillemet.

NPM serves as a central registry and library for JavaScript software packages, offering command-line tools that allow developers to install and manage packages. NPM is largely used on open-source platforms and is a core part of the JavaScript ecosystem, widely relied upon for sharing and distributing code.

Guillemet added that the packages involved had been downloaded more than a billion times.

He noted that the malware poses a greater risk to software wallet users than to those with hardware wallets, urging the former to avoid making on-chain transactions.

"If you use a hardware wallet, pay attention to every transaction before signing and you're safe. If you don't use a hardware wallet, refrain from making any on-chain transactions for now," Guillemet added.

The development sparked concerns among crypto developers about the potential impact of the attacks on crypto wallets.

DefiLlama developer and pseudonymous figure Oxngmi stated on X that the supply-chain attack can only affect websites that "pushed an update since the hacked NPM package was published."

https://x.com/0xngmi/status/1965125988016087050

He reiterated Guillemet's view, stating that it is "safer to avoid using crypto websites till this blows over and they clean up the bad packages."

However, several top crypto platforms, including MetaMask wallet, Uniswap, Aave and Jupiter have stated that their systems are unaffected by the developments.

Meanwhile, Switzerland-based crypto exchange SwissBorg suffered an attack in which hackers stole 193,000 SOL, worth about $41.5 million at the time. The exchange stated that the attack involved the compromise of a partner API in its SOL Earn Program, affecting less than 1% of users.

Author

Michael Ebiekutan

With a deep passion for web3 technology, he's collaborated with industry-leading brands like Mara, ITAK, and FXStreet in delivering groundbreaking reports on web3's transformative potential across diverse sectors. In addition to

More from Michael Ebiekutan
Share:

Editor's Picks

Ripple eyes short-term bullish turn as investor demand returns

Ripple exhibits strong recovery prospects, trading above $1.10 on Friday. This rebound aligns with the broader crypto market and can be attributed to easing geopolitical tensions in the Middle East and growing appetite for risk assets.

Crypto Today: Bitcoin, Ethereum, XRP advance amid renewed capital inflows

Bitcoin maintains its upward momentum, holding above the $61,000 mark at the time of writing on Friday. Major altcoins such as Ethereum and Ripple are also posting gains, signaling a modest uptick in market sentiment and renewed risk appetite among investors.

Bitcoin Weekly Forecast: Quarter-end rebalancing might fuel BTC next bullish move

Bitcoin recovers to $61,800 on Friday after falling to a 21-month low of $57,800. US-listed spot ETFs recorded outflows of $526.64 million through Thursday, pointing to the eighth consecutive week of withdrawals.

Pi Network posts minor gains amid easing risk-off market sentiment

Pi Network (PI) shows minor recovery on Friday, a slow follow-through of the 2% rebound from the previous day. The recovery in PI aligns with the easing broader market risk-off sentiment, fueling speculative interest in the token.

Bitcoin: Quarter-end rebalancing might fuel BTC next bullish move
Bitcoin (BTC) is up over 3% so far this week, trading above $61,800 at the time of writing on Friday after slipping to a 21-month low earlier this week. Institutional selling continued, with spot Exchange Traded Funds (ETFs) recording net outflows of over $520 million through Thursday, pointing to the eighth consecutive week of withdrawals.