CDN poisoning

intelligence gathering

Crypto wallet Ledger supply chain vulnerability led to the theft of $600,000 in virtual assets

A supply chain attack on crypto hardware wallet manufacturer Ledger resulted in the theft of $600,000 in crypto assets. The attacker obtained Ledger's npm account through a phishing attack on a resigned employee, and uploaded a malicious version of the Connect Kit module. These malicious versions spread cryptocurrency-stealing malware to other applications that rely on the module, creating software supply chain vulnerabilities.

chief security officer
December 16, 2023
03.7K00