Supply Chain Attack
What Is a Supply Chain Attack?
A supply chain attack is a cyberattack method where hackers compromise a trusted third-party provider to gain access to their ultimate target. Instead of directly attacking a well-secured organization, attackers infiltrate a less secure vendor, supplier, or service provider that has access to the target’s systems. The attack then spreads from the compromised third party to the intended victim.
When a company trusts a vendor’s software or services, it may grant significant access to certain systems, making supply chain attacks an effective way to bypass traditional security measures.
In the cryptocurrency and blockchain space, supply chain attacks can target wallet software, cryptocurrency exchanges, and blockchain development tools. One of the highest-profile supply chain attacks was 2020’s SolarWinds hack, where malicious code was inserted into software updates that were then distributed to thousands of customers.
How Does a Supply Chain Attack Work?
Supply chain attacks typically unfold in several stages.
First, attackers identify a third-party vendor that has access to their primary target. They then compromise the vendor’s systems through various means such as stealing credentials, social engineering, exploiting security vulnerabilities, or injecting malicious code. Once inside the vendor’s network, attackers can steal data, gain unauthorized access to customer systems, or inject malicious code into the vendor’s products or services.
In crypto contexts, this might involve compromising a popular wallet application or injecting malicious code into a blockchain development library. The distributed nature of software development and the reliance on open-source components can make the crypto ecosystem particularly vulnerable to these types of attacks. This is exactly why the makers of the Secure Element chips in Ledger devices prevent firmware developers from disclosing the parts of the code that are circuit-dependent.
Supply chain attacks can be difficult to detect because the malicious activity appears to come from legitimate, trusted sources. Organizations can work to prevent them by carefully vetting their vendors, monitoring third-party access, and implementing security measures that assume even trusted partners could be compromised.
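One concrete form of "assume even trusted partners could be compromised" is to pin every third-party artifact (an update package, a development library) to a digest recorded at review time and to reject anything that does not match, so a tampered release shipped by a compromised vendor fails before it is installed. The script below is an added example, not code from Ledger or from any project named above; the lockfile format, the artifact name and the release bytes are constructed for illustration.

```python
import base64
import hashlib
import hmac

def sri_digest(data: bytes, algo: str = "sha256") -> str:
    """Return a Subresource-Integrity style pin, e.g. 'sha256-<base64 digest>'."""
    h = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(h).decode()}"

def verify_artifact(name: str, data: bytes, lockfile: dict) -> tuple:
    """Check a downloaded artifact against the digest pinned in the lockfile.

    Returns (ok, reason). An artifact with no pin is rejected, so a dependency
    quietly added to a build cannot pass; weak or unknown algorithms are refused.
    """
    pin = lockfile.get(name)
    if pin is None:
        return False, f"{name}: no pinned digest in lockfile"
    algo, _, _expected = pin.partition("-")
    if algo not in ("sha256", "sha384", "sha512"):
        return False, f"{name}: unsupported or weak digest algorithm {algo!r}"
    actual = sri_digest(data, algo)
    # Constant-time comparison so the check itself leaks nothing about the pin.
    if not hmac.compare_digest(actual, pin):
        return False, f"{name}: digest mismatch (expected {pin}, got {actual})"
    return True, f"{name}: ok"

def audit(downloads: dict, lockfile: dict) -> list:
    """Verify every downloaded artifact; returns one (ok, reason) per artifact."""
    return [verify_artifact(name, data, lockfile) for name, data in downloads.items()]

# Constructed sample data: the release bytes a maintainer reviewed and pinned,
# and the same archive after malicious code was appended on the vendor side.
GOOD_RELEASE = b"wallet-core v1.4.2 release archive (constructed sample)"
TAMPERED_RELEASE = GOOD_RELEASE + b"\n# injected code (constructed sample)"

# Hypothetical lockfile entry, generated when the good release was reviewed.
LOCKFILE = {"wallet-core-1.4.2.tar.gz": sri_digest(GOOD_RELEASE)}

if __name__ == "__main__":
    downloads = {
        "wallet-core-1.4.2.tar.gz": TAMPERED_RELEASE,  # what the update server now serves
        "helper-lib-0.3.0.whl": b"unreviewed dependency (constructed sample)",
    }
    for ok, reason in audit(downloads, LOCKFILE):
        print("PASS" if ok else "FAIL", reason)
```

Digest pinning catches modification of an artifact after it was reviewed; it does not help when the reviewed version itself already contained the malicious code, which is why vendor vetting and monitoring of third-party access remain necessary alongside it.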