Critical hack may put crypto funds at risk, Ledger CTO warns
A major software supply chain attack could be putting crypto funds at risk, according to Ledger chief technology officer Charles Guillemet.
Guillemet said on Monday that hackers compromised the NPM account of a well-known developer and injected malicious code into a small but widely used JavaScript package called error-ex. The package has been downloaded over one billion times and is integrated into countless apps and services.
The malware works by monitoring cryptocurrency transactions. When users attempt to send Bitcoin, Ethereum, Solana or other tokens, the code swaps the intended recipient’s address with one controlled by attackers, redirecting funds without the victim’s knowledge.
Security experts warn the exploit can hijack transactions at multiple levels - altering website displays, interfering with background processes, and tricking apps into misrepresenting what users are signing.
Guillemet urged hardware wallet users to always confirm transactions directly on the device screen before approval, as this step reveals the true destination address. He also advised those using only software wallets to avoid on-chain transfers until the issue is fully resolved.
Experts have described the incident as potentially the largest open-source supply chain hack in history. The breach underscores the vulnerability of shared code libraries and the systemic risks they pose to the crypto ecosystem.
As GNCrypto reported earlier, Singapore loses $337M to scams, crypto accounts for 18%.
Security experts warn the exploit can hijack transactions at multiple levels - altering website displays, interfering with background processes, and tricking apps into misrepresenting what users are signing.
Guillemet urged hardware wallet users to always confirm transactions directly on the device screen before approval, as this step reveals the true destination address. He also advised those using only software wallets to avoid on-chain transfers until the issue is fully resolved.
Experts have described the incident as potentially the largest open-source supply chain hack in history. The breach underscores the vulnerability of shared code libraries and the systemic risks they pose to the crypto ecosystem.
As GNCrypto reported earlier, Singapore loses $337M to scams, crypto accounts for 18%.
Recommended