Supply Chain Attack

Advanced

An attack that compromises software or hardware during development or distribution — injecting malicious code into an open-source dependency, a compiler, a firmware image, or a hardware device — so that end users receive a backdoored product. Supply chain attacks are particularly dangerous in crypto because even technically careful users may rely on compromised tooling. Verifying checksums, using reproducible builds, and signing on air-gapped devices reduce exposure.
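As an added illustration of the checksum-verification step (example code, not part of the original glossary entry), the script below parses a `SHA256SUMS`-style manifest in the `<hex digest>  <filename>` format written by GNU `sha256sum`, recomputes each artifact's digest, and reports tampered, missing, and unlisted files. The artifact names and contents are constructed sample data; a real manifest must itself be authenticated (for example by a detached signature obtained through an independent channel), since an attacker who controls the download server can replace both the artifact and its published checksum.

```python
import hashlib
import hmac

# Constructed sample release artifacts (not real project files).
ARTIFACTS = {
    "wallet-1.0-linux.tar.gz": b"constructed linux release contents",
    "wallet-1.0-macos.dmg": b"constructed macos release contents",
}

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Manifest in sha256sum output format, built from the constructed artifacts above.
MANIFEST = "".join(f"{sha256_hex(data)}  {name}\n" for name, data in ARTIFACTS.items())

def parse_manifest(text: str) -> dict:
    """Parse '<hex>  <filename>' (or '<hex> *<filename>') lines into {filename: hex}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"malformed manifest line: {line!r}")
        digest, name = parts[0].lower(), parts[1].lstrip("*")
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            raise ValueError(f"bad SHA-256 digest on line: {line!r}")
        entries[name] = digest
    return entries

def verify_artifacts(manifest_text: str, files: dict) -> dict:
    """Return {filename: 'ok' | 'MISMATCH' | 'MISSING' | 'UNLISTED'} covering every
    manifest entry and every supplied file, so nothing silently escapes checking."""
    expected = parse_manifest(manifest_text)
    results = {}
    for name, digest in expected.items():
        if name not in files:
            results[name] = "MISSING"
            continue
        actual = sha256_hex(files[name])
        # compare_digest gives a constant-time comparison, relevant if this runs as a service.
        results[name] = "ok" if hmac.compare_digest(actual, digest) else "MISMATCH"
    for name in files:
        if name not in expected:
            results[name] = "UNLISTED"  # present on disk but not covered by the manifest
    return results

if __name__ == "__main__":
    tampered = dict(ARTIFACTS, **{"wallet-1.0-linux.tar.gz": b"backdoored contents"})
    print(verify_artifacts(MANIFEST, ARTIFACTS))
    print(verify_artifacts(MANIFEST, tampered))
```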