A major supply-chain attack has infiltrated widely used JavaScript packages, potentially putting billions of dollars in crypto at risk. Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned that hackers have compromised a reputable developer’s Node Package Manager (NPM) account to push malicious code into packages downloaded more than a billion times. The injected malware is designed to quietly swap cryptocurrency wallet addresses in transactions, meaning users could unknowingly send funds directly to attackers. "There’s a large-scale supply chain attack in progress: the NPM account of a ... (full story)