A JavaScript npm account that can both track and direct crypto transactions was found to be distributing packages containing malicious code. This highlighted that developers and affected packages were at great risk shortly after the attack. Since secure versions have not yet been released, the community was notified of this situation via the Hackernoon profile.

It is emphasized that the stolen npm maintainer account could not be recovered and was most likely stolen through a fake 2FA process. GitHub users have also reported receiving suspicious emails sent via npmjs support. This incident is considered the largest npm supply chain attack in history. Warnings have been issued that if the emails succeed in compromising other user accounts, more suppliers could be at risk.

Crypto Wallets Under Supply Chain Threat

Cryptopolitan recently announced that two packages were compromised in a crypto theft attack via Ethereum. It was also stated that the attack was quite large in scale. It was emphasized that 2 billion downloads per week affected 18 popular npm packages. Warnings were also issued about the need to avoid these packages. Supply chain attacks are considered one of the most significant risks in the crypto world. Even if users perform their transactions correctly, the destination of funds may still be subject to this risk. For this reason, leading figures in the industry are warning users about certain transactions.

You can also freely share your thoughts and comments about the topic in the comment section. Additionally, don’t forget to follow us on our Telegram, YouTube, and Twitter channels for the latest news and updates.

*DOES NOT CONTAIN INVESTMENT ADVICE*

The post Important Announcement from Ledger CTO Charles Guillemet: Hack Warning! appeared first on Coin Engineer.