Developments that marked the new week in the crypto sector were related to security risks. Ledger's Chief Technology Officer (CTO) Charles Guillemet warned investors about a large-scale supply chain attack on software packages that have reached billions of downloads, while Switzerland-based platform SwissBorg announced that it had lost approximately $41 million in Solana (SOL) due to an attack targeting its staking partner.
Critical warning from Ledger CTO
Ledger CTO Guillemet stated on Monday that a supply chain attack shaking the JavaScript ecosystem is ongoing. "A respected developer's NPM account has been compromised. The affected packages have been downloaded more than a billion times, and the entire ecosystem could be at risk," he said.
Guillem emphasized that investors who don't use hardware wallets should be especially cautious: "If you don't have a hardware wallet, avoid on-chain transactions for now. Hardware wallet users can stay safe by carefully reviewing each transaction before signing."
The scale of the attack sparked speculation in the crypto community that it "could be the largest supply chain attack ever seen." Hackers allegedly injected malicious code into downloaded packages, changing transaction addresses in the background, and then redirecting funds to their own wallets without users' awareness.
SwissBorg Loses $41 Million in SOL
Another development that came on the same day as Ledger's warning involved a loss that directly impacted users. Swiss-based platform SwissBorg confirmed that approximately 192,600 SOL ($41.3 million) was lost as a result of its partner API being compromised.
The company explained that the attack did not affect its own application but only targeted its "SOL Earn Program." A SwissBorg spokesperson said, "This is a difficult day for us. However, we will use our SOL treasury to compensate the majority of our users." It was also stated that the company is collaborating with white-hat hackers and security partners to recover the stolen funds. Ultimately, while the Supply Chain attack impacted software developers and, indirectly, millions of users, the SwissBorg incident highlighted the risk of partnering with centralized platforms.
Experts recommend that users use hardware wallets, carefully check addresses in transaction signatures, and choose trusted partners for staking transactions on centralized platforms.
