Crypto asset holders are facing a major threat today as reports of the largest supply chain attack potentially affecting all blockchains have emerged. Charles Guillemet, the CTO at Ledger, has revealed the magnitude of the attack, which is still ongoing and poses a significant risk.
Guillemet has highlighted that a reputable developer’s NPM account has been compromised, leading to over 1 billion downloads of affected packages. With the JavaScript ecosystem at stake, Guillemet has advised crypto users to avoid making any transactions at this time.
“If you use a hardware wallet, carefully review each transaction before signing to ensure your safety. For those not using hardware wallets, it is recommended to refrain from conducting any on-chain transactions for now. The possibility of the attacker also targeting seeds from software wallets directly is still unknown at this point,” noted Guillemet.
Crypto Developers’ Response to Today’s Supply Chain Attack
According to MetaMask developers, their customers have not been impacted by the supply chain attack that contains malicious code attempting to steal users’ funds through various methods.
“The malicious code aims to steal cryptocurrency in multiple ways, but we have not received any reports of actual theft. We will continue to closely monitor the situation. As always, exercise caution and avoid clicking on suspicious links,” mentioned the MetaMask team.
On the other hand, crypto developer Rezo emphasized the inherent vulnerability of software execution and recommended that cryptocurrency holders opt for hardware wallets for enhanced security.
Was SwissBorg a Victim?
Earlier today, on-chain security analyst ZachXBT revealed that Swiss-based crypto platform SwissBorg fell victim to a hack resulting in the theft of 192,600 Solana (SOL) coins, valued at almost $42 million. SwissBorg attributed the breach to a compromised partner API affecting the SOL Earn Program.
As of now, there is no direct link between this incident and the ongoing supply chain attack.
SwissBorg has announced its commitment to fully compensate all affected customers in light of this security breach.