Virtual currency
-
Crypto wallet Ledger supply chain vulnerability led to the theft of $600,000 in virtual assets
A supply chain attack on crypto hardware wallet manufacturer Ledger resulted in the theft of $600,000 in crypto assets. The attacker obtained Ledger's npm account through a phishing attack on a resigned employee, and uploaded a malicious version of the Connect Kit module. These malicious versions spread cryptocurrency-stealing malware to other applications that rely on the module, creating software supply chain vulnerabilities.