Acquista cryptoMercatiSpotFuturesGOLDEarnCentro eventi
Altro
USD1 Genesis
This article explains how a poisoned NPM package led to stolen Bitcoin, why the protocol remained secure, and why Bitcoin-only tools like…Continue reading on Coinmonks »This article explains how a poisoned NPM package led to stolen Bitcoin, why the protocol remained secure, and why Bitcoin-only tools like…Continue reading on Coinmonks »

When Software Fails: The Ledger Live Supply-Chain Compromise

Autore: Medium
Fonte: Medium
2025/09/10 21:29
1 min di lettura
LIKE
LIKE$0.001138+4.49%
Per feedback o dubbi su questo contenuto, contattateci all'indirizzo crypto.news@mexc.com.

This article explains how a poisoned NPM package led to stolen Bitcoin, why the protocol remained secure, and why Bitcoin-only tools like Coldcard and Sparrow avoid this risk.

Michael P. Di Fulvio
6 min read
·
Just now

--

Share

The Ledger Live Supply-Chain Attack: Protocol-Level Lessons on Dependency Risk in Bitcoin Custody

Abstract

In December 2023, Ledger Live—the software companion to Ledger hardware wallets—was compromised through a poisoned NPM dependency, allowing attackers to silently replace recipient Bitcoin addresses during transaction construction. Nearly $1 million in assets was stolen before the issue was patched. While the Bitcoin protocol and Ledger devices remained uncompromised, the attack revealed the fragility of modern dependency chains and the risks of user complacency during address verification. As of 2025, the stolen funds remain scattered across the blockchain, and the lessons remain urgent: supply-chain vulnerabilities are an ongoing threat, and hardware wallet screens—not application interfaces—must be treated as the final source of truth.

Introduction

In late 2023, Ledger Live—the companion application for Ledger hardware wallets—became the focal point of a supply-chain attack. The incident did not compromise Bitcoin itself, nor the Ledger…

Disclaimer: gli articoli ripubblicati su questo sito provengono da piattaforme pubbliche e sono forniti esclusivamente a scopo informativo. Non riflettono necessariamente le opinioni di MEXC. Tutti i diritti rimangono agli autori originali. Se ritieni che un contenuto violi i diritti di terze parti, contatta crypto.news@mexc.com per la rimozione. MEXC non fornisce alcuna garanzia in merito all'accuratezza, completezza o tempestività del contenuto e non è responsabile per eventuali azioni intraprese sulla base delle informazioni fornite. Il contenuto non costituisce consulenza finanziaria, legale o professionale di altro tipo, né deve essere considerato una raccomandazione o un'approvazione da parte di MEXC.

Potrebbe anche piacerti

Zcash Price Prediction Lags as Pepeto Offers Bigger Upside Before Listing

Zcash Price Prediction Lags as Pepeto Offers Bigger Upside Before Listing

ZEC just rallied over 30% to $336 after the US Iran ceasefire triggered a privacy coin wave, and the value held in shielded Zcash pools hit a record $5.18 billion
Condividi
Techbullion2026/04/11 03:40
US Dollar Index Grips 100.00 as Iran War Fears and Trump Deadline Rattle Markets

US Dollar Index Grips 100.00 as Iran War Fears and Trump Deadline Rattle Markets

BitcoinWorld US Dollar Index Grips 100.00 as Iran War Fears and Trump Deadline Rattle Markets NEW YORK, April 2025 – The US Dollar Index (DXY), a critical benchmark
Condividi
bitcoinworld2026/04/11 03:45
Trump promising mass White House pardons: report

Trump promising mass White House pardons: report

President Donald Trump is promising mass pardons to White House staff, and has done so repeatedly, the Wall Street Journal reports.“I’ll pardon everyone who has
Condividi
Alternet2026/04/11 04:34

USD1 Genesis: 0 Fees + 12% APR

USD1 Genesis: 0 Fees + 12% APRUSD1 Genesis: 0 Fees + 12% APR

New users: stake for up to 600% APR. Limited time!