The day does not pass Crypto Coins Do not come up with new cyber attacks. Cyber attackers are called every way with the appetite of seizing big spoils. In the last attack, the account of a developer with code libraries was seized. Ledger It is recommended that those who use the hardware wallet do not do for a while.
Hardware wallet attack
Crypto Money Investors Central Equipment Wallet Crypto Coins He uses it like a safe for. Although these are safer than other wallets, there are also attacks that affect hardware wallets such as Ledger. Today, the technology director of the Ledger application Charles Guillenet issued an important warning.
“A large source distribution chain attack continues: a respected developer’s NPM account has been seized. The affected packages have already been reduced more than 1 billion, which means that the entire JavaScript ecosystem may be at risk.
The malicious load works by quietly changing the crypto addresses to play funds.
If you use the hardware wallet, carefully examine each operation before signing, so you will be safe.
If you do not use the hardware wallet, avoid doing any operation on the chain for now. It is not yet clear whether the attacker is playing the seeds directly from the software wallets at this stage. ”
Jdstaerk became the first name that revealed it and wrote;
“The popular NPM package is endangered ERROR-EX (more than 47 million downloads per week). The version 1.3.3 contains malicious code.
Network requests and wallet transactions by seizing the receiving addresses with the attacker’s addresses and crypto currency is a “crypto-klipper”. “
Warning to Crypto Money Investors
There is an important attack on JS libraries. I can explain this in a simple way. Imagine a famous book writer, this is such a great writer that other writers, content producers quotes from the books. The Hacked NPM Library means that the code structures developed by my author can be changed. In other words, the quotations of the authors can be seen as in the real source, but as the attacker changes.
Using the developer’s NPM library Defi A software developer who develops a platform or hardware wallet interface or a normal wallet interface is suddenly confronted with the surprise of adding harmful blocks to the code of the source software. Malicious people can make insecure website or wallets that are actually safe by playing in the code libraries used by more than 1 million developers.
For example, the buyer can automatically replace the receiving wallet with his own address. Or he can seize the seeds of the wallet. Since the attacker, who seized a reliable library used as a source, also obtains amendments to the code blocks in this library, more than 1 million developers use these code blocks remotely. For all these reasons From crypto hardware wallets It seems to make sense not to make a period of transactions for a while and to take a break in smart contracts.
What developers can do is to fix the attacked Error-EX to version 1.3.2 and keep it away from the new harmful version systems.
“Use the overrides feature in your Package.Json file. Use NPM Ci instead of NPM install in the compilation sequential order.” – Jdstaerk
Responsibility Rejection: The information contained in this article does not contain investment advice. Investors should be aware that crypto currencies carry high volatility and thus risk and carry out their operations in line with their own research.
