Critical hack may put crypto funds at risk: Ledger CTO
Ledger CTO Charles Guillemet has reported a critical software hack that could compromise crypto funds. Hackers reportedly hijacked the npm account of a prominent developer and injected malicious code into the widely used JavaScript package error-ex, which has over one billion downloads. The malware monitors cryptocurrency transactions and redirects them to the attackers' accounts when users attempt to send funds such as Bitcoin or Ethereum. Victims may be unaware of this, believing they are sending assets to trusted addresses. Because the malware can alter what users see during a transaction, they are at significant risk. Guillemet recommended that hardware wallet users meticulously verify transaction details on their devices to detect tampering, and advised software wallet users to suspend on-chain transactions until more is understood about the attack. Researchers suggest this incident could be among the largest open-source supply chain attacks ever, underscoring the vulnerabilities in shared software libraries and the financial risks they pose to the crypto ecosystem.
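For teams that want to know whether a project pulls in error-ex at all, the following added example (not from the article, Ledger, or the package's maintainers) lists every installed copy of a package recorded in an npm lockfile, including copies nested under other dependencies. The sample lockfile, its package names and version numbers are constructed, and `SUSPECT_VERSIONS` is a placeholder because the report does not state which versions were affected.

```javascript
// Added example: list every copy of a package recorded in an npm lockfile.
// SUSPECT_VERSIONS is a placeholder; the report does not name affected versions.
const SUSPECT_VERSIONS = new Set(["0.0.0-PLACEHOLDER"]);

// Constructed sample in the lockfileVersion 3 layout (not real project data).
// For a real project, pass the parsed contents of package-lock.json instead.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/some-parser": { version: "9.9.0" },
    "node_modules/error-ex": { version: "9.9.1" },
    "node_modules/legacy-tool/node_modules/error-ex": { version: "0.0.0-PLACEHOLDER" },
    "node_modules/error-ex-extra": { version: "9.9.2" } // similar name, must not match
  }
};

// lockfileVersion 2 and 3: flat "packages" map keyed by install path.
function fromPackagesMap(packages, name) {
  const suffix = "node_modules/" + name;
  return Object.entries(packages)
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// lockfileVersion 1: nested "dependencies" tree, walked recursively.
function fromDependencyTree(deps, name, trail = []) {
  const hits = [];
  for (const [dep, meta] of Object.entries(deps || {})) {
    const here = [...trail, dep];
    if (dep === name) hits.push({ path: here.join(" > "), version: meta.version });
    hits.push(...fromDependencyTree(meta.dependencies, name, here));
  }
  return hits;
}

// Returns one entry per installed copy, flagged if its version is on the list.
function findPackageCopies(lock, name) {
  const copies = lock.packages
    ? fromPackagesMap(lock.packages, name)
    : fromDependencyTree(lock.dependencies, name);
  return copies.map(c => ({ ...c, suspect: SUSPECT_VERSIONS.has(c.version) }));
}

for (const c of findPackageCopies(sampleLock, "error-ex")) {
  console.log(`${c.suspect ? "MATCH" : "-----"}  ${c.version}  ${c.path}`);
}
```

A transitive copy is the common case here: a project can install the package without ever naming it in its own package.json, which is why the lockfile rather than the manifest is the file to check.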