Market Watch

Ledger CTO Warns Users to Halt Onchain Transactions Amid Massive NPM Supply Chain Attack

Ledger Chief Technology Officer Charles Guillemet issued a critical warning on Monday when he recommended that some people temporarily cease onchain transactions in light of what appears to be a major cyber attack. “There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk,” Guillemet said in post to X.

“If you use a hardware wallet, pay attention to every transaction before signing and you’re safe. If you don’t use a hardware wallet, refrain from making any on-chain transactions for now.” Guillemet’s warning follows what @0xCygaar called a “supply chain attack currently affecting the NPM account of a reputable developer.” Some have suggested the event could be “the largest supply chain attack ever.”

A supply chain attack involves a hacker or hackers compromising a trusted part of the software distribution process rather than targeting individual users. “The malicious payload works by silently swapping crypto addresses on the fly to steal funds,” Guillemet said.

In simple terms, it appears a hacker took over the account of a trusted software developer on NPM, a popular platform where developers share code for JavaScript projects. These compromised packages have allegedly been downloaded over a billion times, potentially affecting any number of websites and apps — including crypto projects.

As of now, it appears that the hacker was able to add code that changes cryptocy addresses in the background, thereby tricking users into sending money to the hacker instead of their intended recipient — not unlike how North Korean hackers were able to drain $1.5 billion in funds from crypto exchange Bybit earlier this year.

The Ledger executive is one of many crypto developers to notice the attack. GCR’s 0x_ultra said that “Chalk and projects with it as dependency (2 billion+ weekly downloads) have been paned … packages which total 2 billion+ weekly downloads are compromised and stealing all your private keys.” The package maintainer, whose accounts were compromised in the supply-chain attack, confirmed the incident earlier today in a post on Bluesky.

“He was aware of the compromise and adding that the phishing email came from … a domain that hosts a website impersonating the legitimate npmjs.com domain,” according to Bleeping Computer. “In the emails, the attackers threatened that the targeted maintainers’ accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.”

According to @0x_ultra, the packages appear to have been patched around 15:15 UTC, though others remain concerned that website frontends may still be vulnerable. “If you use a Ledger or hardware wallet with clear signing, you are not at risk,” Guillemet stressed. “Looks like NPM disabled the compromised versions of these packages,” said @0xCygaar. “However, if your app did an npm update in the last few hours you might still be at risk. Would highly recommend devs check all their dependencies.”

Terron Gold

Recent Posts

SWIFT Launches Blockchain Ledger Pilot With 17 Banks for Tokenized Deposits

SWIFT has launched a new blockchain-based ledger pilot with 17 major banks to test how tokenized deposits can move across…

6 days ago

Sony Bank Wins U.S. Approval to Launch Dollar Stablecoin Trust Bank

Sony Bank, the banking arm of Sony Financial Group, has received conditional approval from the Office of the Comptroller…

7 days ago

PayPal USD Launches Natively on Polygon to Expand Global Stablecoin Payments

PayPal has expanded its stablecoin strategy by launching PayPal USD (PYUSD) natively on the Polygon blockchain, giving businesses direct access…

7 days ago

BONK Faces $20 Million Treasury Attack After Malicious Governance Proposal Passes

BONK, one of Solana's most recognizable memecoins, is facing a major governance crisis after an…

1 week ago

World Leaves Solana for Robinhood Chain in Major Bet on Tokenized Finance

World, the blockchain ecosystem co-founded by Sam Altman, is shifting its prediction market infrastructure from Solana to the…

1 week ago

BNB Chain Unveils New Layer 1 Built for AI Agent Trading, Targets 2027 Mainnet Launch

BNB Chain has revealed plans to build a brand-new Layer 1 blockchain specifically designed for the next generation…

1 week ago