A supply chain attack is a cyberattack in which an adversary compromises a trusted third-party provider, such as a software vendor, cloud service, or hardware manufacturer, to reach the attacker’s real target. Instead of breaking through an organization’s front-line defenses directly, the attacker abuses the “supply chain” of dependencies that the target relies on.
How supply chain attacks work in crypto
Crypto applications are built on layers of external code, infrastructure, and devices, including open-source libraries, wallet apps, browser extensions, RPC providers, and custody or trading integrations. A supply chain attack can occur when a malicious update is pushed through a legitimate distribution channel, when a dependency is hijacked and injected with harmful code, or when build systems and signing keys are compromised so that users download authentic-looking, but tainted, software.
In the Bitcoin and broader crypto ecosystem, this risk also extends to hardware. If a hardware wallet, firmware update, or the packaging and delivery process is tampered with, attackers may attempt to capture seed phrases, redirect addresses, or weaken device security. Similarly, compromising a popular wallet library or a widely used authentication component can create downstream exposure for many apps at once.
Real-world examples and why it matters
A typical example is a wallet app or browser extension that updates automatically, where the update server or developer account is breached and a malicious version is distributed to users. Another is a DeFi front end that depends on third-party scripts, where altering a dependency can quietly change what users sign, potentially enabling unauthorized approvals or transfers.
Supply chain attacks matter in crypto because blockchains make transactions final and attackers often aim for irreversible outcomes, such as stealing private keys or tricking users into signing malicious transactions. Understanding this threat highlights why code signing, reproducible builds, vendor vetting, and careful update practices are critical to the security of the entire ecosystem.
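One concrete check for the front-end case described above, where a page loads third-party scripts, is to pin each external script with a Subresource Integrity (SRI) hash and audit those pins in the build pipeline. The following is an added example, not code from the original page; SRI is not named in the original text, and the hosts, file names and script bodies are constructed for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}  # algorithms SRI defines

def sri(body: bytes, alg: str = "sha384") -> str:
    """Integrity token for a script body, e.g. 'sha384-<base64 digest>'."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

class ScriptCollector(HTMLParser):
    """Collects (src, integrity) for every <script src=...> tag."""
    def __init__(self):
        super().__init__()
        self.scripts = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self.scripts.append((a["src"], a.get("integrity") or ""))

def audit(html: str, page_host: str, fetched: dict) -> dict:
    """Status per third-party script: 'unpinned', 'ok' or 'mismatch'."""
    collector = ScriptCollector()
    collector.feed(html)
    report = {}
    for src, integrity in collector.scripts:
        host = urlparse(src).netloc
        if not host or host == page_host:
            continue  # first-party script, shipped by the site's own release process
        tokens = [t for t in integrity.split() if t.split("-", 1)[0] in STRENGTH]
        if not tokens:
            report[src] = "unpinned"  # the CDN can change this file without notice
            continue
        # As browsers do, only hashes of the strongest listed algorithm count.
        best = max(tokens, key=lambda t: STRENGTH[t.split("-", 1)[0]]).split("-", 1)[0]
        wanted = {t for t in tokens if t.startswith(best + "-")}
        report[src] = "ok" if sri(fetched[src], best) in wanted else "mismatch"
    return report

# Constructed sample input: hypothetical hosts, file names and script bodies.
WALLET_LIB = b"function buildTx(to, amount) { return { to, amount }; }\n"
TAMPERED = WALLET_LIB + b"/* constructed stand-in for an altered dependency */\n"
PAGE = f"""<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example/wallet-lib.js" integrity="{sri(WALLET_LIB)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/widget.js"></script>
</head></html>"""

if __name__ == "__main__":
    for body in (WALLET_LIB, TAMPERED):
        print(audit(PAGE, "app.example", {"https://cdn.example/wallet-lib.js": body}))
```

A pinned script whose served bytes no longer match its hash is refused by the browser, so a "mismatch" in this audit means either a legitimate upstream release that needs review before the pin is updated, or tampering at the provider.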