IT Brief US - Technology news for CIOs & IT decision-makers

Ledger warns of NPM attack thwarted by malware coding errors

Today

Ledger CTO Charles Guillemet has issued a warning following a major but unsuccessful supply chain attack on the Node Package Manager (NPM) ecosystem this week, highlighting ongoing software risks in the cryptocurrency sector.

The attack began with a phishing campaign that impersonated NPM support staff, targeting developers through convincing emails designed to obtain their login credentials. Once access was obtained, the attackers published malicious updates to widely used JavaScript packages - software components that, in aggregate, have been downloaded more than one billion times.

The potential impact of a successful attack of this scale is significant. Had it not been detected, the injected malicious code could have reached a global user base, including millions of developers and end-users. The payload was tailored to target cryptocurrency transactions: it monitored for wallet addresses input by users and replaced them with addresses controlled by attackers. Such a mechanism would have allowed attackers to drain funds from wallets operated on major blockchains, such as Ethereum and Solana, among others.

Detection and containment

Despite the initial success of the phishing effort and the broad reach of the compromised packages, mistakes in the malicious code itself led to its early detection. Coding errors in the malware caused unexpected crashes in continuous integration and deployment (CI/CD) pipelines, and these failures alerted development teams to the presence of malicious code sooner than would otherwise have been the case.

These technical shortcomings limited the distribution and effectiveness of the attack. According to available information, very few - if any - end users lost funds as a result. Security experts have cautioned, however, that a more serious incident was prevented by flaws in the malicious package, not by the ecosystem's own security controls.

"The attack fortunately failed, with almost no victims. Still, this is a clear reminder: if your funds sit in a software wallet or on an exchange, you're one code execution away from losing everything," said Charles Guillemet, CTO at Ledger. "Hardware wallets are built to withstand these threats. Features like Clear Signing let you confirm exactly what's happening, and Transaction Checks flag suspicious activity before it's too late."

Supply chain trends

This attempted supply chain compromise adds to mounting evidence that attackers are increasingly targeting software development infrastructure, especially in the cryptocurrency and Web3 arenas. Applications in these sectors depend heavily on an intricate network of open-source libraries and developer tools, meaning that a single compromised dependency can affect a wide range of downstream projects.

The open-source ecosystem, while enabling transparency and collaboration, also brings risks of its own. The absence of a central authority overseeing package distribution means that trust is largely placed in individual contributors - a model that sophisticated attackers can exploit.

In contrast to traditional finance where fraud or dispute mechanisms exist, the cryptocurrency sector provides virtually no means of recovering stolen funds. A compromised software package or undetected exploit may result in extensive and irreversible financial impact for users and organisations alike.

Sector responses

Ledger has advocated for a two-pronged approach to mitigating similar risks. Developers are encouraged to strengthen their security practices, including the adoption of multifactor authentication for access to software repositories and ongoing vigilance for phishing attacks. For end users, the use of hardware wallets is advised as a minimum requirement for secure interaction within the Web3 ecosystem.
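One way to make the developer-side hardening above concrete, as an added example that is not from the article or from Ledger: a lockfile audit that a CI step can run so that a freshly published (and possibly malicious) package version cannot slip in unpinned, without an integrity hash, or from an unexpected registry. The lockfile contents, registry URL and package names below are constructed for the example.

```javascript
// Audit an npm package-lock.json (lockfileVersion 2/3) from CI. Every installed
// dependency must have a resolved URL on the expected registry and a sha512 integrity
// hash, so `npm ci` cannot silently pull a newly published version of a package.
const EXPECTED_REGISTRY = "https://registry.npmjs.org/"; // assumption for this example

function auditLockfile(lock, expectedRegistry = EXPECTED_REGISTRY) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    // Skip the root project and workspace entries; only installed packages are audited.
    if (path === "" || !path.includes("node_modules/") || entry.link) continue;
    const name = path.replace(/^.*node_modules\//, "");
    if (!entry.resolved) {
      findings.push({ name, reason: "missing resolved URL" });
      continue;
    }
    if (!entry.resolved.startsWith(expectedRegistry)) {
      findings.push({ name, reason: `resolved outside expected registry: ${entry.resolved}` });
    }
    if (!entry.integrity || !/^sha512-/.test(entry.integrity)) {
      findings.push({ name, reason: "missing or weak integrity hash" });
    }
  }
  return findings;
}

// Constructed sample lockfile: one healthy entry, one fetched from an unexpected host,
// one with no integrity hash. Digests are placeholders, not real hashes.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/example-dep-ok": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/example-dep-ok/-/example-dep-ok-1.3.0.tgz",
      integrity: "sha512-" + "A".repeat(86) + "==",
    },
    "node_modules/example-dep-a": {
      version: "2.0.1",
      resolved: "https://mirror.example.invalid/example-dep-a-2.0.1.tgz",
      integrity: "sha512-" + "B".repeat(86) + "==",
    },
    "node_modules/example-dep-b": {
      version: "0.9.0",
      resolved: "https://registry.npmjs.org/example-dep-b/-/example-dep-b-0.9.0.tgz",
    },
  },
};

// A CI step would fail the build when any finding is returned.
const findings = auditLockfile(SAMPLE_LOCK);
for (const f of findings) console.error(`lockfile audit: ${f.name}: ${f.reason}`);
```

In a real pipeline, load the JSON from the repository's package-lock.json and exit non-zero when `auditLockfile` returns anything.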

As targeted supply chain attacks become more frequent and complex, the incident serves as a case study in both the persistent threats facing cryptocurrency infrastructure and the critical importance of defensive measures throughout the software lifecycle.
