Ledger CTO: NPM attackers failed, with few victims

Ledger CTO Charles Guillemet released the latest progress of the NPM attack: "The attack failed and caused almost no losses to the victims. The attacker stole user credentials through a phishing email from a fake npm support domain and then released a malware package update. The injected code targeted web encryption activities, invaded blockchain networks such as Ethereum and Solana to hijack transactions, and directly replaced wallet addresses in network responses. Due to the attacker's operational error, the CI/CD process collapsed, the attack was discovered in advance, and the scope of impact was limited. However, this is still a clear warning: if funds are stored in a software wallet or exchange, all funds may be lost with just one code execution. Supply chain security vulnerabilities remain an important way to spread malware, and targeted attacks are also increasing. Hardware wallets are designed to defend against such threats, and their features such as clear signatures