
When Software Fails: The Ledger Live Supply-Chain Compromise

2025/09/10 21:29

This article explains how a poisoned NPM package led to stolen Bitcoin, why the protocol remained secure, and why Bitcoin-only tools like Coldcard and Sparrow avoid this risk.

Michael P. Di Fulvio

The Ledger Live Supply-Chain Attack: Protocol-Level Lessons on Dependency Risk in Bitcoin Custody

Abstract

In December 2023, Ledger Live—the software companion to Ledger hardware wallets—was compromised through a poisoned NPM dependency, allowing attackers to silently replace recipient Bitcoin addresses during transaction construction. Nearly $1 million in assets was stolen before the issue was patched. While the Bitcoin protocol and Ledger devices remained uncompromised, the attack revealed the fragility of modern dependency chains and the risks of user complacency during address verification. As of 2025, the stolen funds remain scattered across the blockchain, and the lessons remain urgent: supply-chain vulnerabilities are an ongoing threat, and hardware wallet screens—not application interfaces—must be treated as the final source of truth.

Introduction

In late 2023, Ledger Live—the companion application for Ledger hardware wallets—became the focal point of a supply-chain attack. The incident did not compromise Bitcoin itself, nor the Ledger…
