Crypto Hardware Wallet Ledger’s Supply Chain Breach Results in $600,000 Theft

Crypto hardware wallet manufacturer Ledger fell victim to a $600K crypto theft, traced back to a phishing attack on a former employee. Attackers accessed Ledger’s npm account and pushed out three infected versions of its module, deploying crypto-drainer malware to other applications. Security firm Sonatype identified the rogue WalletConnect project rerouting funds to a hacker wallet. Ledger has published a clean module, removed the infected versions, and reported the associated wallet addresses to authorities.