Meet Ledger Nano™ Gen5, the most playful signer yet

Discover now

The most playful signer yet

Meet Ledger Nano™ Gen5

Shop now Learn more

Supply Chain Attack

Aug 24, 2025 | Updated Aug 24, 2025
A supply chain attack targets vulnerabilities in third-party vendors, software, or services to gain access to a primary target's systems.

What Is a Supply Chain Attack?

A supply chain attack is a cyberattack method where hackers compromise a trusted third-party provider to gain access to their ultimate target. Instead of directly attacking a well-secured organization, attackers infiltrate a less secure vendor, supplier, or service provider that has access to the target’s systems. The attack then spreads from the compromised third party to the intended victim.

When a company trusts a vendor’s software or services, it may grant significant access to certain systems, making supply chain attacks an effective way to bypass traditional security measures.

In the cryptocurrency and blockchain space, supply chain attacks can target wallet software, cryptocurrency exchanges, and blockchain development tools. One of the highest-profile supply chain attacks was 2020’s SolarWinds hack, where malicious code was inserted into software updates that were then distributed to thousands of customers.

How Does a Supply Chain Attack Work?

Supply chain attacks typically unfold in several stages.

First, attackers identify a third-party vendor that has access to their primary target. They then compromise the vendor’s systems through various means such as stealing credentials, social engineering, exploiting security vulnerabilities, or injecting malicious code. Once inside the vendor’s network, attackers can steal data, gain unauthorized access to customer systems, or inject malicious code into the vendor’s products or services.

In crypto contexts, this might involve compromising a popular wallet application or injecting malicious code into a blockchain development library.. The distributed nature of software development and the reliance on open-source components can make the crypto ecosystem particularly vulnerable to these types of attacks. This is exactly why the makers of the Secure Element chips in Ledger devices prevent firmware developers from disclosing parts of the code that are circuit-dependent.

Supply chain attacks can be difficult to detect because the malicious activity appears to come from legitimate, trusted sources. Organizations can work to prevent them by carefully vetting their vendors, monitoring third-party access, and implementing security measures that assume even trusted partners could be compromised.

Transaction ID (TXID)

A transaction ID (TXID) or transaction hash is a unique set of numbers given to every verified transaction on the blockchain.

Full definition

Dynamic NFT

Dynamic NFTs are a category of NFTs designed to change their characteristics based on certain pre-defined conditions. They have codes in their smart contracts that enable them to achieve this change.

Full definition

Open Source

Open source is a principle between developers who believe in creating, sharing, and modifying data freely for public use. Transparency and free participation are often the goal.

Full definition

Own your crypto future

Stay informed with security tips, updates, and exclusive offers from Ledger

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time. Learn more

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.