The cryptocurrency world faces another wave of cyber threats as attackers persistently target digital assets. Eager to seize substantial bounties, cybercriminals explore all avenues. Recently, the account of a widely-used developer, known for distributing code libraries, was compromised. Notably, hardware wallet users, like those with Ledger wallets, are advised to pause transactions until further notice.
Hardware Wallet Threats
Cryptocurrency investors often utilize external hardware wallets to avoid the risks associated with centralized exchanges and to maintain control over their assets. Although deemed more secure, methods exist to target devices like Ledger wallets. Charles Guillenet, the Technology Director of the Ledger application, issued a significant warning recently.
“An extensive supply chain attack is underway: a reputable developer’s NPM account has been compromised. The affected packages have already seen over a billion downloads, suggesting potential vulnerability across the entire JavaScript ecosystem.
The malicious payload silently and instantly alters crypto addresses to steal funds.
If you’re using a hardware wallet, scrutinize every transaction before signing to ensure safety.
Without a hardware wallet, avoid conducting on-chain transactions for now, as it’s unclear whether attackers can extract seeds from software wallets.”
The discovery was made by Jdstaerk, who stated:
“The popular npm package error-ex, downloaded more than 47 million times weekly, is compromised. Version 1.3.3 contains malicious code that intercepts network requests and wallet transactions, swapping recipient addresses for those belonging to the attacker – a ‘crypto-clipper’.
Warning for Cryptocurrency Users
A critical attack is affecting JS libraries. To explain simply, think of a famous author whose work everyone cites. A hacked NPM library means their developed code structures and combined code products can be altered, making citations reflect the attacker’s changes.
Developers creating DeFi platforms or wallet interfaces using this affected NPM library may unexpectedly encounter altered source code with harmful blocks. A malicious actor can tamper with widely used code libraries, compromising previously secure websites or wallets.
For example, they might automatically change recipient wallet addresses or obtain seed phrases during transactions. By taking over trusted libraries, attackers gain amendment authority over code blocks used by over a million developers, leaving uncertainty about potential attack methods on various websites. It’s prudent to refrain from transactions via crypto hardware wallets or involving smart contracts for the time being.
Developers should revert to the stable version 1.3.2 of error-ex to safeguard against newly introduced malicious code.
“Utilize the overrides feature in your package.json file. Use npm ci instead of npm install in build pipelines.” – Jdstaerk
