Ledger has suffered a supply chain attack!

author: Mustafa Mullah

Mustafa has been writing about blockchain and cryptocurrencies for several years. He has previous trading experience and has been working in the fintech industry since 2017.

December 14, 2023 19:00

Ledger suffered a supply chain attack. A library called connect-kit, which allows developers to connect decentralized applications (DApps) to Ledger hardware wallets, has been compromised. By injecting wallet-draining payloads into popular NPM packages, attackers can potentially impact numerous DApps, including Hey. Sushi CTO warned against using DApps that utilize LedgerHQ/connect-kit until further notice. This incident highlights the importance of supply chain security in the blockchain industry and highlights the need for increased vigilance and caution when using DApps.