Ledger CTO cautions users to halt crypto transactions due to a mass NPM attack that hijacks wallets and loots money.
The cryptocurrency world has been shaken by a major supply chain attack, serious enough that the Chief Technology Officer of Ledger has issued a stark warning.
Targeting the Node Package Manager (NPM) ecosystem, the attack uses malicious code that silently replaces cryptocurrency wallet addresses in transactions.
Users risk losing their funds to attackers without ever noticing. The Ledger CTO advises against making cryptocurrency transactions until the risk of theft is gone.
NPM Compromise of Cryptocurrency Wallets
A phishing assault compromised developer qix’s NPM account, allowing hackers to inject malicious code into dozens of popular JavaScript packages, including chalk and strip-ansi. The scope is enormous since these packages have more than a billion downloads every week.
The injected malware serves as a crypto-clipper, intercepting Web3 transactions in browsers.
It overwrites the genuine wallet address in near real time with one belonging to the attacker, which makes it much harder for users to spot a fraudulent transaction.
Ledger CTO Warns of Caution on Crypto Dealings
This risk was flagged by Charles Guillemet, the CTO of Ledger, on the social platform X. He emphasized that users of hardware wallets with clear signing can verify transaction addresses safely and are therefore less exposed.
Nevertheless, software wallet users are at a high risk and should not sign any on-chain transactions until the matter is completely addressed.
He said that users who do not have hardware wallets are at high risk since they cannot precisely confirm transaction details.
The warning covers Ethereum, Solana, and Bitcoin, among other blockchains that the malware already targets.
The Malware Mechanism: Two-Pronged Attack
Source – substack.com
Analysts who examined the code have identified two significant attack vectors. First, a passive approach in which the code monkey-patches the browser's fetch and XMLHttpRequest functions and swaps wallet addresses for look-alike fraudulent ones.
It uses a similarity algorithm to choose replacement addresses that look almost identical to the originals, so the swap is easy to miss.
Second, if a wallet such as MetaMask is detected, the malware intercepts transaction requests and modifies the recipient address before the user approves the transaction.
Users who do not carefully check what they are signing unwittingly grant transfer authority to the attackers.
Large Scale Effect on the JavaScript Ecosystem
This attack impacts vital development packages used worldwide in web and crypto applications. Besides chalk and strip-ansi, color-convert, error-ex, and has-ansi were also compromised.
The attack highlights vulnerabilities in software supply chains, particularly in open-source ecosystems that are part and parcel of blockchain and crypto services.
Users and developers are encouraged to audit dependencies, pin safe package versions, and update lockfiles to avoid pulling in malicious code.
Sources confirm that although most of the compromised packages have been cleaned, researchers are keeping an eye on the remaining infected versions.
The attack is one of the worst crypto-related incidents in history, yet it has resulted in greater awareness and quicker remediation.
Ledger's CTO is blunt: he says to make no crypto transactions without a secure hardware wallet that supports clear signing.
This is a strong recommendation that will help defend digital assets against the still-evolving but serious threat coming through the software supply chain.
Source: https://www.livebitcoinnews.com/ledger-warns-of-massive-hack-avoid-crypto-transactions-now/