Supply Chain Incident
Ledger Connect Kit npm package compromise
A compromised Ledger Connect Kit npm release injected malicious code into downstream web applications and targeted cryptocurrency wallet transactions.
Confidence: High
Evidence Level: Vendor
Attack Stage: Account Compromise
Source Artifact Divergence: No
Affected Packages
Affected Releases
No structured records.
Repositories
No structured records.
Organizations
Maintainers
No structured records.
Threat Actors
No structured records.
Campaigns
No structured records.
Build Systems
No structured records.
Distribution Channels
- npm registry
Compromised Accounts
- @ledgerhq/connect-kit npm publish account
Connected Entities
- @ledgerhq/connect-kit (Package)
- @ledgerhq/connect-kit npm publish account (Compromised Account)
- Ledger (Organization)
- npm registry (Distribution Channel)
References
- Security Incident Report, Ledger · 2023-12-14