Crypto software wallets at risk following supply chain attack

• Ledger CTO Charles Guillemet warned of a large-scale supply chain attack that could affect software crypto wallets.
• The warning follows reports of a reputable developer's NPM account being compromised.
• Guillemet cautioned against performing on-chain transactions.

Charles Guillemet, Chief Technology Officer at Ledger, warned on Monday of a large-scale supply chain attack targeting crypto software wallets after the Node Package Manager (NPM) account of open-source developer qix was compromised.

Software wallets could face attacks from NPM breach

Crypto software wallets could be vulnerable to malicious attacks when performing transactions, said Guillemet in an X post on Monday.

Guillemet noted that a major supply chain attack has been underway after reputable developer qix's NPM account was compromised.

A supply chain attack targets a third-party vendor that provides services or software essential to the supply chain.

The hacked NPM was reportedly used to distribute malware designed to scan and exploit crypto wallets. Once crypto is detected, the malware alters the code responsible for signing transactions and redirects funds to addresses controlled by its creators.

"The malicious payload works by silently swapping crypto addresses on the fly to steal funds," wrote Guillemet.

NPM serves as a central registry and library for JavaScript software packages, offering command-line tools that allow developers to install and manage packages. NPM is largely used on open-source platforms and is a core part of the JavaScript ecosystem, widely relied upon for sharing and distributing code.

Guillemet added that the packages involved had been downloaded more than a billion times.

He noted that the malware poses a greater risk to software wallet users than to those with hardware wallets, urging the former to avoid making on-chain transactions.

"If you use a hardware wallet, pay attention to every transaction before signing and you're safe. If you don't use a hardware wallet, refrain from making any on-chain transactions for now," Guillemet added.

The development sparked concerns among crypto developers about the potential impact of the attacks on crypto wallets.

DefiLlama developer and pseudonymous figure Oxngmi stated on X that the supply-chain attack can only affect websites that "pushed an update since the hacked NPM package was published."

He reiterated Guillemet's view, stating that it is "safer to avoid using crypto websites till this blows over and they clean up the bad packages."

However, several top crypto platforms, including MetaMask wallet, Uniswap, Aave and Jupiter have stated that their systems are unaffected by the developments.

Meanwhile, Switzerland-based crypto exchange SwissBorg suffered an attack in which hackers stole 193,000 SOL, worth about $41.5 million at the time. The exchange stated that the attack involved the compromise of a partner API in its SOL Earn Program, affecting less than 1% of users.