According to BlockBeats, Ledger's Chief Technology Officer Charles Guillemet has provided an update on the recent NPM attack, stating that, fortunately, the attack was unsuccessful, with minimal victims. The attack began with phishing emails sent from domains disguised as npm support, aiming to steal user credentials so that the attackers could publish malicious package updates. The injected code targeted network encryption activities, infiltrating chains like Ethereum and Solana, hijacking transactions, and replacing wallet addresses directly in network responses. An error by the attackers led to a CI/CD pipeline crash, enabling early detection and limiting the impact.
Guillemet emphasized that this incident serves as a clear reminder of the risks associated with storing funds in software wallets or exchanges, where a single code execution could result in significant losses. Supply chain attacks remain a potent method for spreading malware, with an increasing number of targeted attacks being observed.
Hardware wallets are specifically designed to counter such threats. Features like "clear signing" allow users to accurately verify transaction details, while "transaction checks" can flag suspicious activities before issues arise. Although the immediate danger may have passed, the threat persists, and maintaining security is crucial.
Earlier today, BlockBeats reported a large-scale supply chain attack involving the compromise of a well-known developer's NPM account. The affected package has been downloaded over a billion times, posing a potential risk to the entire JavaScript ecosystem.