Ledger CTO: Major Supply Chain Attack Underway, Entire JavaScript Ecosystem Could Be at Risk

BlockBeats News, September 9th, Ledger's Chief Technology Officer Charles Guillemet stated in a post that "a large-scale supply chain attack is currently taking place: a well-known developer's NPM account has been compromised. The affected package has been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.

The malicious code works by silently altering a cryptocurrency address in the background to steal funds.

If you use a hardware wallet, please carefully verify each transaction signature, and you are safe.
If you do not use a hardware wallet, please refrain from making any on-chain transactions for now.
It is currently unclear whether the attacker has already stolen the software wallet's mnemonic phrase.

Detailed report. If you use Ledger or another hardware wallet that supports transparent signatures, you will not be affected. My previous tweets were a reminder: users who do not use hardware wallets supporting transparent signatures are at risk. Be sure to carefully review each transaction before signing."