Security experts are warning cryptocurrency users to exercise extreme caution due to a large-scale supply chain exploit linked to compromised JavaScript code packages. Ledger's CTO, Charles Guillemet, highlighted the vulnerability resulting from the breach of a reputable developer's NPM account, which may have allowed malicious code to spread unnoticed. This code reportedly swaps crypto addresses on the fly, putting funds across potentially all blockchain networks at risk. Guillemet urged users to refrain from signing any crypto transactions at this time. Reports suggest that the malicious packages have been downloaded over 1 billion times, affecting many popular packages used in JavaScript development, including 'color-name' and 'color-string.' As the situation unfolds, users are advised to remain vigilant and consider halting transactions until further notice.

Source 🔗