Ledger CTO Alerts Users to NPM Supply Chain Attack Affecting 1 Billion Downloads

Charles Guillemet, CTO of Ledger, reported a large-scale supply chain attack traced to a compromised account on npm, the Node.js package registry. Key points include:

  • Malicious code was injected into packages with over 1 billion downloads.
  • The injected code swaps the destination wallet address in transactions so that funds go to the attackers instead of the intended recipient.
  • The affected developer's identity remains undisclosed.
  • Open-source software vulnerabilities can quickly impact the crypto economy.
  • Compromised JavaScript packages can affect decentralized applications and software wallets.
  • Guillemet recommends using hardware wallets with secure screens and Clear Signing to prevent fund loss.
  • Users should verify transactions and avoid blind signing.
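The address-swapping behaviour and the "verify, don't blind-sign" advice above can be modelled as a pre-signing check: before a transaction is signed, the recipient that is actually encoded in it is compared against the recipient the user intended, which is what a hardware wallet with a secure screen and Clear Signing lets a person do by eye. The JavaScript below is an added example written for this page, not code from Ledger or from the article; the function names, the transaction shapes and the addresses are constructed for illustration. It handles both a plain value transfer (recipient in `to`) and an ERC-20 `transfer(address,uint256)` call, where the real recipient sits inside the calldata and a swap would not be visible in `to` at all.

```javascript
// Added example (not from the article): a pre-signing recipient check that
// catches an address swapped somewhere in the app's dependency chain.

// 4-byte selector of ERC-20 transfer(address,uint256) (well-known constant).
const TRANSFER_SELECTOR = "a9059cbb";

// Accept only a 0x-prefixed 20-byte hex address; compare case-insensitively
// because mixed-case checksummed and lowercase forms denote the same address.
function normalizeAddress(addr) {
  if (typeof addr !== "string" || !/^0x[0-9a-fA-F]{40}$/.test(addr)) {
    throw new Error(`not a 20-byte hex address: ${addr}`);
  }
  return addr.toLowerCase();
}

// Return the address that will actually receive value for this transaction:
// for a plain transfer that is `to`; for an ERC-20 transfer it is the first
// ABI-encoded argument in `data`. Anything else is refused rather than
// signed blind.
function effectiveRecipient(tx) {
  const data = (tx.data || "0x").toLowerCase();
  if (data === "0x") return normalizeAddress(tx.to);
  const body = data.slice(2);
  if (body.slice(0, 8) === TRANSFER_SELECTOR && body.length === 8 + 64 + 64) {
    const word = body.slice(8, 72);
    // An address occupies the low 20 bytes of the 32-byte word; the high
    // 12 bytes must be zero padding.
    if (!/^0{24}[0-9a-f]{40}$/.test(word)) {
      throw new Error("malformed address word in calldata");
    }
    return "0x" + word.slice(24);
  }
  throw new Error("unrecognised calldata; refusing to sign blind");
}

// The check a wallet (or a cautious user) performs before signing.
function verifyBeforeSigning(tx, intendedRecipient) {
  const intended = normalizeAddress(intendedRecipient);
  const actual = effectiveRecipient(tx);
  return { ok: actual === intended, intended, actual };
}

// Constructed sample data (hypothetical addresses, not real transactions).
const USER_INTENDED = "0x1111111111111111111111111111111111111111";
const ATTACKER = "0x2222222222222222222222222222222222222222";
const TOKEN_CONTRACT = "0x3333333333333333333333333333333333333333";

// Plain transfer whose `to` was swapped by a compromised dependency.
const ethTxTampered = { to: ATTACKER, value: "0xde0b6b3a7640000", data: "0x" };

// ERC-20 transfer: `to` is the token contract (unchanged), the swapped
// recipient hides inside the calldata.
function erc20Transfer(recipient, amountHex) {
  return {
    to: TOKEN_CONTRACT,
    value: "0x0",
    data: "0x" + TRANSFER_SELECTOR +
      recipient.slice(2).padStart(64, "0") +
      amountHex.padStart(64, "0"),
  };
}
const erc20TxTampered = erc20Transfer(ATTACKER, "1");
const erc20TxClean = erc20Transfer(USER_INTENDED, "1");

for (const [label, tx] of [["eth", ethTxTampered], ["erc20 tampered", erc20TxTampered], ["erc20 clean", erc20TxClean]]) {
  const r = verifyBeforeSigning(tx, USER_INTENDED);
  console.log(label, r.ok ? "OK to sign" : `REFUSE: recipient is ${r.actual}, expected ${r.intended}`);
}
```

The important design point is that the intended recipient comes from a source outside the dependency chain (the user's own input or the wallet's screen), so the check does not trust any value the compromised package could have rewritten; the unrecognised-calldata branch throws instead of returning true, mirroring the advice to avoid blind signing.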

This incident highlights the importance of security in software development tools and the risks posed to crypto users.