How Supply Chain Attacks Bypass the Secure Element
Why the most underestimated threat to wallet security happens in the software layer.
Previous articles in this series examined attack categories against the secure element itself: fault injection, invasive chip analysis, and side-channel techniques. These are real threats, but they belong to a tier of attack that requires significant resources, specialized equipment, and individual targeting. Most users will never face them.
Supply chain attacks are different. They do not require a laboratory or physical access to a device. They do not need to defeat the secure element at all because they operate in the code layers that sit above the chip. A single successful supply chain attack can affect thousands or millions of users simultaneously. The economics make them significantly more attractive to a wider range of attackers than any hardware-level technique.
This article examines supply chain risk in the software context, using two documented incidents involving one of the most widely used hardware wallet manufacturers in the world.
What a supply chain attack actually means
A supply chain attack does not target the end user directly. Instead, the attacker compromises something the end user already trusts, such as a software library, a firmware update mechanism, or a distribution channel, and uses that trusted relationship as the vector.
In hardware wallets, the most relevant supply chain vectors are:
- Device firmware delivered over the air: Updates that the manufacturer pushes to all devices, automatically or with user approval.
- Companion application libraries: Code that ships as part of the wallet's desktop or mobile software.
- Third-party JavaScript libraries: Code that the manufacturer's web-connected services depend on, sourced from public package registries like NPM.
- Distribution and logistics: Physical interception of devices before they reach the end user.
What makes these vectors dangerous is their scale. The attacker invests once and collects from everyone who touches the compromised component before it is detected and patched.
The secure element provides no protection against any of these vectors because these attacks never require the chip to be breached. They operate upstream of it. The key still lives safely inside the secure element while everything around it is manipulated.
Supply chain attack: Connect Kit (December 2023)
On December 14, 2023, a supply chain attack against Ledger's Connect Kit, a JavaScript library used by decentralized applications to interface with Ledger hardware wallets, resulted in between $484,000 and $600,000 in stolen assets. The attack lasted approximately five hours, with active fund draining concentrated in a roughly two-hour window. Dozens of major DeFi protocols were affected simultaneously.
The mechanics of how this happened reveal a great deal about where hardware wallet security actually fails in practice.
How the attack was executed
Ledger's Connect Kit is an open-source JavaScript library published on NPM, the Node Package Manager registry, the standard distribution channel for JavaScript code. Hundreds of decentralized applications integrated it to allow their users to connect Ledger hardware wallets to their interfaces.
Crucially, Ledger distributed the library not only through NPM, where applications normally pin a fixed version, but also via a CDN (Content Delivery Network) loader that fetched the latest published version at runtime rather than a fixed, pinned one.
This meant that the moment a new version appeared on NPM, every application using the CDN loader would run it immediately, with no review, no manual update, and no safety buffer.
The attacker gained access to the NPM publishing credentials of a former Ledger employee through a phishing attack. The former employee's access to Ledger's internal systems had been properly revoked during offboarding, but their NPM API key had not been revoked.
API keys bypass NPM's two-factor authentication requirements, meaning the attacker needed only the key, not any secondary authentication.
With publishing access obtained, the attacker pushed three malicious versions of the Connect Kit (1.1.5, 1.1.6, and 1.1.7) containing the Angel Drainer malware. This wallet-draining payload presented users with malicious transaction approval requests; once a user signed one, the transaction transferred their assets to the attacker's wallet.
When the CDN loader automatically pulled the latest version, affected dApps began serving malicious code to their users within minutes of publication, with no action required from any of those app developers.
Ledger responded quickly, deploying a patched version within 40 minutes of the internal alert and coordinating with Tether to freeze the stolen funds. The point of this analysis is that the attack vector existed and was exploited.
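One concrete defender-side check against the two weaknesses described above, the runtime CDN loader and floating version ranges, as an added example that is not Ledger's or the page's own code; the hostnames, package names and SRI hash in the sample inputs are constructed placeholders:

```javascript
// Added example (not Ledger's, Tangem's or the page's own code): a dependency audit
// for a dApp, covering the two weaknesses the Connect Kit incident exploited:
// a CDN loader that fetches "latest" at runtime, and floating semver ranges that
// would pull in a newly published malicious version automatically.

// Constructed sample page markup. Hostnames, paths and the SRI hash are placeholders.
const SAMPLE_HTML = `
<script src="https://cdn.example.invalid/connect-kit/latest/loader.js"></script>
<script src="https://cdn.example.invalid/connect-kit@1.1.4/connect-kit.js"
        integrity="sha384-AAAA" crossorigin="anonymous"></script>
<script src="/static/app.js"></script>`;

// Constructed sample package.json dependencies section (placeholder package names).
const SAMPLE_PACKAGE_JSON = {
  dependencies: {
    "example-connect-kit": "^1.1.0", // caret range: would accept 1.1.5, 1.1.6, 1.1.7
    "example-web3-lib": "5.7.2",     // exact pin
    "some-helper": "latest",         // always resolves to the newest publish
  },
};

// Flag every third-party <script> that is not version-pinned or lacks a
// Subresource Integrity hash; either gap lets a new upstream publish run unreviewed.
function auditScriptTags(html) {
  const findings = [];
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const attrs = m[1];
    const src = (attrs.match(/\bsrc="([^"]+)"/) || [])[1];
    if (!src || !/^https?:\/\//i.test(src)) continue; // same-origin: out of scope
    const pinned = /@\d+\.\d+\.\d+\b|\/\d+\.\d+\.\d+\//.test(src);
    const hasSri = /\bintegrity="sha(256|384|512)-[^"]+"/.test(attrs);
    if (!pinned) findings.push({ src, issue: "unpinned-cdn-load" });
    else if (!hasSri) findings.push({ src, issue: "missing-sri" });
  }
  return findings;
}

// Flag dependency specs that are not an exact version (^, ~, *, ranges, dist-tags),
// since each of them lets the package manager resolve to a newer publish.
function auditDependencies(pkg) {
  const exact = /^\d+\.\d+\.\d+$/;
  return Object.entries(pkg.dependencies || {})
    .filter(([, spec]) => !exact.test(spec))
    .map(([name, spec]) => ({ name, spec, issue: "floating-version" }));
}
```

Pinning alone is not enough once a lockfile is in place; the SRI check matters because a CDN script tag is resolved by the browser, not by the package manager.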
Upgradable firmware as a supply-chain risk
The Ledger Recover controversy (May 2023) highlighted a supply-chain risk inherent to any hardware wallet with upgradable firmware. Ledger Recover, an opt-in seed backup service in which the firmware encrypted the seed phrase, split it into fragments and transmitted them to three custodians, was not an attack, but it demonstrated that a worrisome capability existed.
A firmware update, signed and pushed by the manufacturer, could instruct the secure element to handle and transmit seed material. As we explored in our Ledger Recover breakdown, secure boot only protects against third-party firmware; it doesn't constrain what the manufacturer deploys. That update channel is a supply chain vector.
If a manufacturer's signing infrastructure were compromised, or a government mandated a backdoor delivered through an update, the resulting change in device capability would be silent, and users would have no way to detect it in advance.
What happens in a device with upgradable firmware?
When you rely on a hardware wallet with manufacturer-controlled firmware updates, you are trusting:
- The manufacturer's intentions: that the company will not intentionally push firmware that compromises user security, now or in the future, regardless of commercial pressures, regulatory demands, or changes in ownership.
- The manufacturer's signing key infrastructure: that the private keys used to sign firmware are properly secured and have never been compromised. A stolen signing key would allow an attacker to push manufacturer-authenticated firmware to all devices.
- The entire update delivery pipeline: every distribution channel involved in moving firmware from development to the device.
- The manufacturer's internal processes: employee access controls, offboarding procedures, code review requirements, and secure build systems.
- The regulatory environment: manufacturers are subject to the laws of their jurisdiction. A government with authority over a manufacturer can, in principle, compel the delivery of firmware that serves state interests.
None of this means upgradable firmware is indefensible as an architecture. It means the defense is distributed across a larger and more complex trust surface than most users examine.
The alternative: immutable firmware
Some hardware wallets, like Tangem, use firmware that is burned into the device at manufacture and cannot be updated by anyone after the device leaves the factory. This approach makes a fundamentally different security trade-off.
The advantages are straightforward: the firmware supply chain attack surface is eliminated. There is no update mechanism to compromise, no signing key to steal, no pipeline to poison. Whatever firmware was deployed at manufacture is what the device runs for its entire life.
The manufacturer has no post-deployment control over the device's behavior, which means they also have no channel through which they could, voluntarily or under compulsion, modify what the device does.
An independent firmware audit by companies like Kudelski Security, Riscure, and SlowMist can confirm that the firmware behaves as documented and is truly immutable. The corresponding trade-off is that users of immutable devices depend entirely on the quality of that initial audit, and may need to replace the hardware when a major protocol change requires new firmware.
Final thoughts
Supply chain attacks do not require laboratory equipment, side-channel analysis, or physical access to a device.
They scale naturally and efficiently to every user of every affected product simultaneously, and they operate in layers that most users never inspect, through mechanisms that are either invisible or quietly assumed to be trustworthy.
Always verify wallet authenticity on first setup, buy directly from the manufacturer or verified resellers, and be skeptical of any app that asks you to approve something you do not recognize.
References
- Ledger Security Incident Report (Connect Kit, December 2023) – Ledger official blog
- Ledger Bats Back Criticism of New Wallet Recovery Service – CoinDesk, 2023
- Ledger Delays Key-Recovery Service After Uproar – CoinDesk, 2023
- Supply Chain Attack – NIST CSRC Glossary
- Tangem Announces Second Successful Hardware Wallet Audit (Riscure) – Tangem Blog