According to Charles Guillemet, chief technology officer at hardware wallet manufacturer Ledger, a large-scale supply chain attack recently hit the NPM (node package manager) ecosystem.
It is worth noting that developers all over the globe rely on NPM packages for building websites. NPM is the most widely used package manager for JavaScript and TypeScript.
The malicious code was inserted specifically to stealthily swap in malicious cryptocurrency addresses on the fly. As a result, a potential victim will inadvertently send funds to the wrong address.
According to Guillemet, it is unclear whether the code is also capable of extracting recovery seeds from compromised wallets.
The scope of the attack
As noted by the Ledger CTO, the compromised packages have already been downloaded more than a billion times.
Of course, this does not mean that everyone who downloaded them is at immediate risk of being hacked, but it shows the sheer scope of the supply chain attack, since the malicious code is already embedded across various applications. Crypto wallets face the biggest risk since the attackers are specifically manipulating addresses.
The attack is affecting various chains, including Ethereum and Solana.
u.today