Hello FFG Community,
A major security issue has been discovered that could affect a wide range of cryptocurrency wallets, including popular hot wallets like MetaMask and even hardware wallets like Ledger and Trezor.
A technical write-up of this issue can be found here: https://jdstaerk.substack.com/p/we-just-found-malicious-code-in-the.
Here's a simplified explanation:
What Happened?
Hackers managed to sneak malicious code into a popular software tool used by thousands of apps and websites. This tool is part of something called the NPM ecosystem, which developers use to build apps. Because so many apps rely on these tools, the attack spread quickly.
The bad code was designed to steal cryptocurrency by secretly changing wallet addresses during transactions. That means if you sent crypto, the hacker could swap your address for theirs—without you noticing.
Why Does This Matter?
- Massive Reach: The affected software is used in countless apps, so the impact is huge.
- Crypto Theft: The attack specifically targets crypto transactions, putting your funds at risk.
- Hidden Danger: Even trusted apps can be compromised because they rely on shared code.
Who’s at Risk?
Anyone who:
- Uses any of a wide range of wallets, including MetaMask, Ledger, or Trezor
- Sends or receives crypto through apps or websites that might use these tools
How Could This Affect You?
- If you recently made a crypto transaction, your funds could be at risk.
- The malware is sneaky—it changes wallet addresses to ones that look almost identical to yours, making it hard to spot.
What Should You Do Right Now?
✅ Double-check wallet addresses before sending any crypto.
✅ Revoke old permissions using tools like Revoke.cash.
✅ Update your apps and wallets to the latest versions.
✅ Enable extra security like two-factor authentication (2FA) wherever possible.
✅ Stay informed—follow official updates from your wallet provider.
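For readers who script their own checks, here is one way to automate the address double-check above: compare the full address on the confirmation screen against a saved address book and flag near-matches. This is an added example, not code from the linked write-up or from any wallet; the helper names, the similarity thresholds and every address in it are constructed for illustration.

```javascript
// Added example: helper names and every address below are constructed.
// Levenshtein edit distance (two-row dynamic programming).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// In 0x hex addresses, letter case only carries an optional checksum,
// so fold it; other address formats are compared exactly as typed.
function normalize(addr) {
  const a = addr.trim();
  return /^0x[0-9a-fA-F]{40}$/.test(a) ? a.toLowerCase() : a;
}

// Classify the address shown on the confirmation screen:
//   match     - identical to a saved entry, every character
//   lookalike - not identical, but shares its first 6 or last 4 characters
//               with a saved entry, or is within maxEdits edits of one
//   unknown   - nothing similar is saved
function checkRecipient(candidate, addressBook, maxEdits = 6) {
  const c = normalize(candidate);
  let closest = null;
  for (const [label, saved] of Object.entries(addressBook)) {
    const s = normalize(saved);
    if (c === s) return { status: 'match', label };
    const sameEnds = c.slice(0, 6) === s.slice(0, 6) || c.slice(-4) === s.slice(-4);
    const distance = editDistance(c, s);
    if ((sameEnds || distance <= maxEdits) && (!closest || distance < closest.distance)) {
      closest = { status: 'lookalike', label, distance };
    }
  }
  return closest || { status: 'unknown' };
}

// Constructed sample data: one saved address and a near-copy of it.
const ADDRESS_BOOK = { exchange: '0xa1b2c3d4e5f60718293a4b5c6d7e8f9011223344' };
const SHOWN = '0xa1b2ffd4e5f60718293a4b5c6d7e8f9011003344';
console.log(checkRecipient(SHOWN, ADDRESS_BOOK));
```

A "lookalike" result is the case to stop on: the address resembles one you trust but is not the same, which a glance at the first and last few characters would miss.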
Everyday Tips to Stay Safe
- Never blindly approve transactions—always read what you’re signing.
- Keep your software updated.
- Use hardware wallets for large amounts of crypto.
- Bookmark official sites to avoid phishing.
Bottom Line
This attack shows how fragile the crypto ecosystem can be when hackers target the tools developers rely on. By staying alert and taking a few precautions, you can protect your funds.
FFG Team