A recent security incident involving a Node Package Manager (NPM) library highlights the ongoing vulnerabilities affecting software wallets and cryptocurrency exchanges. This warning comes from Charles Guillemet, the Chief Technology Officer of Ledger, who emphasized the potential for significant risk.

Guillemet cautioned that just a single line of compromised code could lead to the loss of funds stored within these digital platforms. He stressed that software-centric systems are particularly susceptible to supply chain attacks, where harmful elements are introduced through seemingly trustworthy channels and updates.

The security incident originated with a phishing campaign where attackers posed as NPM support in deceptive emails. These emails were designed to steal developer credentials, which the cybercriminals then used to publish modified versions of popular packages, including chalk, debug, and strip-ansi.

The malicious code functioned by intercepting network traffic and substituting wallet addresses. Specifically, when an application attempted communication with a blockchain network, the rogue code replaced the intended destination address with an address under the attacker’s control.

This manipulation affected transactions across various blockchain networks, including Bitcoin, Ethereum, Solana, Tron, and Litecoin.

Anatoly Makosov, the CTO of The Open Network (TON), clarified that the attack targeted 18 distinct versions of the libraries. He emphasized that applications faced the greatest danger if they integrated the affected packages soon after their release or if they employed automated dependency update systems.

Makosov urged developers to verify if these specific versions were present in their projects. Additionally, he provided a checklist to aid developers in determining whether their applications had been compromised.

The guideline stipulates that projects should be treated as compromised if any of the 18 vulnerable library versions are currently in use.
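One way to run the check described above against a project's lockfile, as an added example that is not from the article or from any advisory: it scans a parsed `package-lock.json` for pinned `name@version` pairs, including transitive installs. The article does not list the 18 versions, so the version strings are placeholders, and `DENYLIST`, `findDenylisted` and `SAMPLE_LOCK` are hypothetical names.

```javascript
// PLACEHOLDER versions, not the real affected releases: fill this set from
// the official advisory before relying on the result.
const DENYLIST = new Set([
  "chalk@0.0.0-PLACEHOLDER",
  "debug@0.0.0-PLACEHOLDER",
  "strip-ansi@0.0.0-PLACEHOLDER",
]);

// Takes the object from JSON.parse of package-lock.json and returns
// [{ name, version, path }] for every locked install found on the denylist.
function findDenylisted(lock, denylist = DENYLIST) {
  const hits = [];
  const check = (name, version, path) => {
    if (denylist.has(`${name}@${version}`)) hits.push({ name, version, path });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const i = path.lastIndexOf("node_modules/");
    if (i < 0 || !meta.version) continue; // root project, workspace dirs, links
    // An aliased install records the real package name in meta.name.
    check(meta.name || path.slice(i + "node_modules/".length), meta.version, path);
  }
  // lockfileVersion 1: nested "dependencies" tree (walked only when the
  // "packages" map is absent, so v2 files are not counted twice).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      check(name, meta.version, path);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one direct and one transitive denylisted install.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-PLACEHOLDER" },
    "node_modules/debug": { version: "1.2.3" },
    "node_modules/foo/node_modules/strip-ansi": { version: "0.0.0-PLACEHOLDER" },
    "node_modules/@scope/pkg": { version: "2.0.0" },
  },
};
console.log(findDenylisted(SAMPLE_LOCK));
```

A clean result only covers what the lockfile pins at scan time; builds that resolved dependencies without a lockfile during the exposure window need their install logs or caches checked separately.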

A recent report from Lucija Valentić at ReversingLabs revealed that hackers have discovered a novel technique for spreading malicious software.

