Ledger CEO Pascal Gauthier addressed the “supply chain attack” on its Ledger ConnectKit in a post on Thursday.

“The standard practice at Ledger is that no single person can deploy code without review by multiple parties. We have strong access controls, internal reviews and multi-signature code when it comes to most parts of our development. This is the case in 99% of our internal systems. Any employee who leaves the company has their access revoked from every Ledger system,” Gauthier said. 

However, that was not the case on Thursday morning when a former employee was the subject of a phishing attack, giving the hacker an open door to Ledger’s package manager. It’s still…

Read more on Blockworks