What happened
A supply chain attack introduced malware into popular NPM packages commonly used by software developers across the ecosystem on Monday, September 8th.
The malicious packages are in the process of being removed from NPM.
Impact and remediation
The Fireblocks product environment did not utilize any of the vulnerable NPM packages and is therefore not directly affected.
No Fireblocks customer transactions are known to have been impacted directly.
You may be impacted indirectly if:
- You built and deployed a tool using Fireblocks’ SDKs directly from the source starting September 8th, using one of the compromised versions.
-
Recommendations:
- Check for affected packages: Use vulnerability scanning software to independently confirm that your build does not include the affected NPM packages.
- If you discover the presence of an affected package, rebuild and redeploy using an affected version (earlier or patched).
- Check all activity using the tool in the last 24 hours.
-
Recommendations:
- You are using any 3rd party dApps
- Recommendation: Check with each dApp provider to confirm they are unaffected or have resolved the issue.Â