Crypto M - Crypto News
Your #1 destination for the latest and most unbiased market news on Bitcoin, Ethereum, NFT, Fintech, Web3, DeFi, and Blockchain.
🚀 Ledger CTO Addresses Recent NPM Attack and Supply Chain Threats

According to BlockBeats, Ledger's Chief Technology Officer Charles Guillemet has provided an update on the recent NPM attack, stating that, fortunately, the attack was unsuccessful, with minimal victims. The attack began with phishing emails from domains disguised as npm support, aiming to steal user credentials so that attackers could publish malicious package updates. The injected code targeted network encryption activities, infiltrating chains like Ethereum and Solana, hijacking transactions, and replacing wallet addresses directly in network responses. An error by the attackers led to a CI/CD pipeline crash, enabling early detection and limiting the impact.

Guillemet emphasized that this incident serves as a clear reminder of the risks associated with storing funds in software wallets or exchanges, where a single code execution could result in significant losses. Supply chain attacks remain a potent method for spreading malware, with an increasing number of targeted attacks being observed.

Hardware wallets are specifically designed to counter such threats. Features like "clear signing" allow users to accurately verify transaction details, while "transaction checks" can flag suspicious activities before issues arise. Although the immediate danger may have passed, the threat persists, and maintaining security is crucial.

Earlier today, BlockBeats reported a large-scale supply chain attack involving the compromise of a well-known developer's NPM account. The affected package has been downloaded over a billion times, posing a potential risk to the entire JavaScript ecosystem.


#Ledger #NPM #NPMAttack #SupplyChainAttack #Phishing #Ethereum #Solana #HardwareWallets #ClearSigning #TransactionChecks #JavaScript #JavaScriptEcosystem #CryptoSecurity #BlockBeats #LedgerSecurity
🚀 Babylon Labs Integrates Ledger Hardware for Enhanced Bitcoin Vault Security

Babylon Labs has announced the integration of native Ledger hardware wallet signing into its Trustless Bitcoin Vaults, aiming to enhance secure self-custodial DeFi use of Bitcoin. According to NS3.AI, this development follows the activation of over $10 billion of native BTC to secure various blockchain systems. Users can now approve BTCVault transactions directly on Ledger hardware devices. The Clear Signing interface provides a dedicated screen displaying full transaction details before confirmation, ensuring transparency and security.

#BabylonLabs #Ledger #HardwareWallet #BitcoinVault #Security #DeFi #Bitcoin #SelfCustody #Blockchain #ClearSigning #TransactionTransparency #BTC
🚀 Ethereum Foundation Unveils Wallet Security Model at EthCC[9]

Ethereum Foundation project manager Hester Bruikman presented updates on the 'Trillion Dollar Security Plan (1TS)' at the EthCC[9] conference. According to Foresight News, Bruikman detailed the WalletBeat wallet security maturity model, which evaluates wallets based on user security goals rather than a checklist of features. Wallets are categorized into four stages: Stage 0 lacks security measures; Stage 0.5 covers some features but still poses significant preventable loss risks; Stage 1 protects users from most common vulnerabilities; and Stage 2 safeguards assets in complex scenarios like cross-chain and DNS attacks.

Bruikman emphasized that the current focus of 1TS is on enhancing user experience security, particularly through advancing Clear Signing to eliminate blind signing practices. The WalletBeat grading standard is intended to pressure wallet manufacturers to upgrade their security measures. Additionally, Bruikman revealed that by the end of the first quarter of 2026, Ethereum had experienced 16 major security incidents, resulting in losses of $93 million, with historical cumulative losses exceeding $7 billion for Ethereum L1.


#EthereumFoundation #WalletSecurity #TrillionDollarSecurityPlan #1TS #WalletBeat #ClearSigning #SecurityMaturityModel #EthCC9 #CrossChainSecurity #DNSAttacks #EthereumSecurity #BlockchainSecurity #CryptoWallets #EthereumL1 #SecurityIncidents #CryptoLosses