Ledger CTO: Large-Scale Supply Chain Attack Underway, Entire JavaScript Ecosystem at Risk

BlockBeats News, September 9, Ledger's Chief Technology Officer Charles Guillemet wrote that, "A large-scale supply chain attack is currently taking place: a well-known developer's NPM account has been compromised. The affected package has been downloaded over 1 billion times, which means the entire JavaScript ecosystem could be at risk.

The malicious code works by silently tampering with cryptocurrency addresses in the background to steal funds.

If you use a hardware wallet, please carefully verify each signature transaction, and you are safe.
If you do not use a hardware wallet, please refrain from making any on-chain transactions for now.
It is currently unclear whether the attacker has already stolen the software wallet's mnemonic phrase.

For more details, see the report. If you are using Ledger or another hardware wallet that supports clear signatures, you will not be affected. My previous tweets were a reminder: Users who do not use hardware wallets that support clear signatures are at risk. Please be sure to carefully review each transaction before signing."