What Is a Supply Chain Attack?

A supply chain attack is a cyberattack that targets the less-secure elements in a software or hardware supply chain to compromise the final product. In crypto, supply chain attacks can involve injecting malicious code into popular development libraries, wallet software, browser extensions, or hardware wallet firmware. These attacks are particularly dangerous because developers and users trust the compromised components. Notable examples include compromised npm packages targeting cryptocurrency wallets and backdoored hardware devices.