# Supply Chain Attack

A supply chain attack in crypto hardware refers to a type of cyber attack where a malicious actor attempts to compromise a cryptocurrency hardware wallet or other hardware device used for storing or trading cryptocurrencies by tampering with its supply chain.

With hardware wallets, the supply chain must be secured for both software and hardware. On the software side, the risk lies in whether users can verify the authenticity of the software they are running, especially given the malware that may be present in software downloaded from unofficial websites. On the hardware side, security depends on the integrity of the chips used in the product and of the firmware running on them.

Cypherock has taken measures to protect users from potential supply chain issues. Cypherock's cySync app can be downloaded from Cypherock's [website](https://www.cypherock.com/get-started), and its source can be viewed on Cypherock's [GitHub](https://github.com/Cypherock). Additionally, Cypherock uses a secure [provisioning method](https://github.com/Cypherock/x1_wallet_firmware/blob/main/docs/device_provision_auth.md) to detect any malicious changes in the hardware or firmware of the X1 Vault. Lastly, before the product can be used, the X1 Vault and the X1 card authenticate each other to establish an end-to-end encrypted session. This step also fails if any one of the devices or cards is not an authenticated product from Cypherock.

Before shipment, each device is provisioned with a unique set of private-public keys for device authentication and NFC card pairing. Authentication is performed by verification of signatures generated by the private key in the device. Signature verification is performed by the server using the corresponding public key.
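
A minimal sketch of the signature-based device authentication described above, added here as an illustration; it is not Cypherock's code or protocol. Assumptions: Ed25519 as the signature algorithm, a random server challenge, and the hypothetical `Registry` type, `device-auth:` message prefix and constructed serial `SN-0001`.

```go
package main
import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Registry is the server's provisioning record: device serial -> public key.
// Assumption: Ed25519; the page does not name the signature algorithm.
type Registry map[string]ed25519.PublicKey

// Provision makes the unique per-device key pair; the private half stays in the device.
func (r Registry) Provision(serial string) ed25519.PrivateKey {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	r[serial] = pub
	return priv
}

// NewChallenge returns a fresh server nonce so an old signature cannot be replayed.
func NewChallenge() []byte {
	c := make([]byte, 32)
	if _, err := rand.Read(c); err != nil {
		panic(err)
	}
	return c
}

func message(serial string, challenge []byte) []byte {
	return append([]byte("device-auth:"+serial+":"), challenge...) // binds serial + challenge
}

// DeviceSign runs on the device with the key it was provisioned with.
func DeviceSign(priv ed25519.PrivateKey, serial string, challenge []byte) []byte {
	return ed25519.Sign(priv, message(serial, challenge))
}

// Verify runs on the server; unknown serials and wrong keys both fail.
func (r Registry) Verify(serial string, challenge, sig []byte) bool {
	pub, ok := r[serial]
	return ok && ed25519.Verify(pub, message(serial, challenge), sig)
}

func main() {
	reg := Registry{}
	key, c := reg.Provision("SN-0001"), NewChallenge() // constructed serial
	fmt.Println("genuine device accepted:", reg.Verify("SN-0001", c, DeviceSign(key, "SN-0001", c)))
}
```

A device whose key was never recorded at provisioning, or a signature captured from an earlier challenge, fails `Verify`.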

