
When Software Fails: The Ledger Live Supply-Chain Compromise

2025/09/10 21:29

This article explains how a poisoned NPM package led to stolen Bitcoin, why the protocol remained secure, and why Bitcoin-only tools like Coldcard and Sparrow avoid this risk.

Michael P. Di Fulvio

The Ledger Live Supply-Chain Attack: Protocol-Level Lessons on Dependency Risk in Bitcoin Custody

Abstract

In December 2023, Ledger Live—the software companion to Ledger hardware wallets—was compromised through a poisoned NPM dependency, allowing attackers to silently replace recipient Bitcoin addresses during transaction construction. Nearly $1 million in assets was stolen before the issue was patched. While the Bitcoin protocol and Ledger devices remained uncompromised, the attack revealed the fragility of modern dependency chains and the risks of user complacency during address verification. As of 2025, the stolen funds remain scattered across the blockchain, and the lessons remain urgent: supply-chain vulnerabilities are an ongoing threat, and hardware wallet screens—not application interfaces—must be treated as the final source of truth.

Introduction

In late 2023, Ledger Live—the companion application for Ledger hardware wallets—became the focal point of a supply-chain attack. The incident did not compromise Bitcoin itself, nor the Ledger…
