ChainCatcher 消息,Ledger 首席技术官 Charles Guillemet 发文称,目前正在发生一起大规模供应链攻击:一名知名开发者的 NPM 账号遭到入侵。受影响的包下载量已超过 10 亿次,这意味着整个 JavaScript 生态系统都可能面临风险。恶意代码的工作原理是在后台静默篡改加密货币地址,以此窃取资金。如果你使用硬件钱包,请仔细核对每一笔签名交易,你就是安全的。如果你没有使用硬件钱包,请暂时避免进行任何链上交易。目前尚不清楚攻击者是否已经在直接窃取软件钱包的助记词。
详细报告。如果你使用的是 Ledger 或其他支持清晰签名的硬件钱包,则不会受到影响。我之前的推文是提醒:未使用支持清晰签名的硬件钱包的用户存在风险。请务必在签名前仔细检查每一笔交易。
。Disclaimer: Investing carries risk. This is not financial advice. The above content should not be regarded as an offer, recommendation, or solicitation on acquiring or disposing of any financial products, any associated discussions, comments, or posts by author or other users should not be considered as such either. It is solely for general information purpose only, which does not consider your own investment objectives, financial situations or needs. TTM assumes no responsibility or warranty for the accuracy and completeness of the information, investors should do their own research and may seek professional advice before investing.