Critical software hacks could put cryptocurrency funds at risk, Ledger’s chief technology officer Charles Guillemet warned on Monday.
Hackers appear to have compromised the NPM account of a “famous” but unnamed developer, Guillemet said.
Hackers have slipped malicious code into a small, widely used JavaScript package called error-ex. The package has been downloaded over a billion times and is built into countless apps and services.
The malware works by quietly monitoring cryptocurrency activity. When a user attempts to send Bitcoin, Ethereum, Solana, or other tokens, it swaps the destination wallet for one controlled by the attacker. Victims may believe they are sending the funds to a reliable address, but instead the money flows to the malicious actor.
A security analyst warned that the code can hijack transactions across multiple layers: it can change what a website shows, alter background processes, and even trick an app by misrepresenting what users are signing.
Guillemet advised hardware wallet owners to carefully review each transaction on the device’s screen before accepting it. The hardware displays the true recipient address, so diligent users can still spot tampering. He urged anyone using only a software wallet to avoid all on-chain transactions until the attack was better understood.
Researchers are describing the breach as the biggest open source supply chain attack in history. It highlights vulnerabilities in shared software libraries and the direct financial risks that can be created using cryptographic information.
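Because a package like error-ex is usually pulled in indirectly, a first defensive step is to find every copy a project actually installs. The following is an added example, not code from the article or from Ledger: it scans the "packages" map of an npm lockfile (lockfileVersion 2 or 3), including nested and aliased installs. The sample lockfile, its package names, version numbers, integrity strings and the flagged-version list are constructed placeholders, not real indicators.

```javascript
// Added example: list every installed copy of a package recorded in an npm
// lockfile and mark versions that appear on a caller-supplied deny-list.

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"; root key "" -> null.
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// lock: parsed package-lock.json; target: package name to look for;
// flaggedVersions: versions taken from an advisory you trust.
function findPackage(lock, target, flaggedVersions = []) {
  const flagged = new Set(flaggedVersions);
  const hits = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // the project itself, not a dependency
    // Aliased installs keep the real package name in meta.name.
    const name = meta.name || nameFromKey(key);
    if (name !== target) continue;
    hits.push({
      path: key,
      version: meta.version,
      integrity: meta.integrity || null,
      flagged: flagged.has(meta.version),
    });
  }
  return hits;
}

// Constructed sample lockfile; every value below is a placeholder.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/error-ex": { version: "0.0.1", integrity: "sha512-PLACEHOLDER-A" },
    "node_modules/some-parser": { version: "0.0.5", integrity: "sha512-PLACEHOLDER-B" },
    "node_modules/legacy-tool/node_modules/error-ex": { version: "0.0.2", integrity: "sha512-PLACEHOLDER-C" },
    "node_modules/err-alias": { name: "error-ex", version: "0.0.2" },
    "node_modules/error-ex-utils": { version: "0.0.9" },
  },
};

// "0.0.2" stands in for a version named in an advisory; it is not a real IoC.
const report = findPackage(sampleLock, "error-ex", ["0.0.2"]);
console.log(report);
```

To run it against a real project, pass the parsed contents of package-lock.json and the affected versions from the published advisory.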