Ledger Wallet™ just got a major upgrade.

Take control today

A whole new level of choice, clarity and control

Trade different via Ledger Wallet 4.0

Download now Learn more

Supply Chain Attack

Aug 24, 2025 | Updated Aug 24, 2025
A supply chain attack targets vulnerabilities in third-party vendors, software, or services to gain access to a primary target's systems.

What Is a Supply Chain Attack?

A supply chain attack is a cyberattack method where hackers compromise a trusted third-party provider to gain access to their ultimate target. Instead of directly attacking a well-secured organization, attackers infiltrate a less secure vendor, supplier, or service provider that has access to the target’s systems. The attack then spreads from the compromised third party to the intended victim.

When a company trusts a vendor’s software or services, it may grant significant access to certain systems, making supply chain attacks an effective way to bypass traditional security measures.

In the cryptocurrency and blockchain space, supply chain attacks can target wallet software, cryptocurrency exchanges, and blockchain development tools. One of the highest-profile supply chain attacks was 2020’s SolarWinds hack, where malicious code was inserted into software updates that were then distributed to thousands of customers.

How Does a Supply Chain Attack Work?

Supply chain attacks typically unfold in several stages.

First, attackers identify a third-party vendor that has access to their primary target. They then compromise the vendor’s systems through various means such as stealing credentials, social engineering, exploiting security vulnerabilities, or injecting malicious code. Once inside the vendor’s network, attackers can steal data, gain unauthorized access to customer systems, or inject malicious code into the vendor’s products or services.

In crypto contexts, this might involve compromising a popular wallet application or injecting malicious code into a blockchain development library.. The distributed nature of software development and the reliance on open-source components can make the crypto ecosystem particularly vulnerable to these types of attacks. This is exactly why the makers of the Secure Element chips in Ledger devices prevent firmware developers from disclosing parts of the code that are circuit-dependent.

Supply chain attacks can be difficult to detect because the malicious activity appears to come from legitimate, trusted sources. Organizations can work to prevent them by carefully vetting their vendors, monitoring third-party access, and implementing security measures that assume even trusted partners could be compromised.

Proof of Knowledge (PoK)

Proof of knowledge refers to a protocol where one party (the prover) succeeds in convincing the other party (the verifier) that they know something.

Full definition

Zero-Knowledge Machine Learning (zkML)

Zero-knowledge machine learning is a cryptographic technique that facilitates the verification of machine learning models on blockchain protocols without disclosing the underlying computations or data.

Full definition

Volatility

Volatility is a measure of how much an asset’s price fluctuates over time. It describes how much and how quickly a particular asset’s value can shift.

Full definition

Own your crypto future

Stay informed with security tips, updates, and exclusive offers from Ledger

Your email address will only be used to send you our newsletter, as well as updates and offers. You can unsubscribe at any time. Learn more

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.