Ledger CTO warns users to halt onchain transactions amid massive NPM supply chain attack

Ledger Chief Technology Officer Charles Guillemet issued a critical warning on Monday when he recommended that some people temporarily cease onchain transactions in light of what appears to be a major cyber attack.

“There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk,” Guillemet said in a post to X. “If you use a hardware wallet, pay attention to every transaction before signing and you’re safe. If you don’t use a hardware wallet, refrain from making any on-chain transactions for now.”

Guillemet’s warning follows what @0xCygaar called a “supply chain attack currently affecting the NPM account of a reputable developer.” Some have suggested the event could be “the largest supply chain attack ever.”

A supply chain attack involves a hacker or hackers compromising a trusted part of the software distribution process rather than targeting individual users.

“The malicious payload works by silently swapping crypto addresses on the fly to steal funds,” Guillemet said.

In simple terms, it appears a hacker took over the account of a trusted software developer on NPM, a popular platform where developers share code for JavaScript projects. These compromised packages have allegedly been downloaded over a billion times, potentially affecting any number of websites and apps — including crypto projects.

As of now, it appears that the hacker was able to add code that changes cryptocurrency addresses in the background, thereby tricking users into sending money to the hacker instead of their intended recipient — not unlike how North Korean hackers were able to drain $1.5 billion in funds from crypto exchange Bybit earlier this year.

The Ledger executive is one of many crypto developers to notice the attack. GCR’s 0x_ultra said that “Chalk and projects with it as dependency (2 billion+ weekly downloads) have been pwned … packages which total 2 billion+ weekly downloads are compromised and stealing all your private keys.”

The package maintainer, whose accounts were compromised in the supply-chain attack, confirmed the incident earlier today in a post on Bluesky.

“[H]e was aware of the compromise and adding that the phishing email came from … a domain that hosts a website impersonating the legitimate npmjs.com domain,” according to Bleeping Computer. “In the emails, the attackers threatened that the targeted maintainers’ accounts would be locked on September 10th, 2025, as a scare tactic to get them to click on the link redirecting them to the phishing sites.”

According to @0x_ultra, the packages appear to have been patched around 15:15 UTC, though others remain concerned that website frontends may still be vulnerable.

“If you use a Ledger or hardware wallet with clear signing, you are not at risk,” Guillemet stressed.

“Looks like NPM disabled the compromised versions of these packages,” said @0xCygaar. “However, if your app did an npm update in the last few hours you might still be at risk. Would highly recommend devs check all their dependencies.”
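One way to act on that recommendation is to scan a project's lockfile for the exact versions an advisory names. The script below is an added example, not code from the article or from npm: it walks a package-lock.json (lockfileVersion 2/3 and the older v1 layout), including nested node_modules copies, and reports any package whose installed version appears in a supplied list. The package names, version numbers and lockfile contents are constructed placeholders; the real affected versions must come from npm's advisory for the incident.

```python
import json

# Constructed placeholder advisory: package name -> set of compromised versions.
# These values are invented for the demo; substitute the versions from the real advisory.
AFFECTED_VERSIONS = {
    "chalk": {"9.9.9"},
    "example-pkg": {"1.2.3"},
}

def installed_packages(lock_text):
    """Yield (name, version, lockfile_path) for every dependency in a package-lock.json.
    lockfileVersion 2/3 keeps a flat "packages" map keyed by path; v1 nests "dependencies"."""
    lock = json.loads(lock_text)
    if "packages" in lock:
        for path, meta in lock["packages"].items():
            if not path:  # the "" entry is the root project itself, not a dependency
                continue
            # "node_modules/a/node_modules/@scope/b" -> "@scope/b"
            name = path.rsplit("node_modules/", 1)[-1]
            yield name, meta.get("version"), path
    else:
        stack = [("", lock.get("dependencies", {}))]
        while stack:
            prefix, deps = stack.pop()
            for name, meta in deps.items():
                path = f"{prefix}node_modules/{name}"
                yield name, meta.get("version"), path
                if "dependencies" in meta:  # v1 nests transitive copies under the parent
                    stack.append((path + "/", meta["dependencies"]))

def find_affected(lock_text, affected=AFFECTED_VERSIONS):
    """Return sorted (name, version, path) triples whose version is in the affected list."""
    return sorted(
        (name, version, path)
        for name, version, path in installed_packages(lock_text)
        if version in affected.get(name, ())
    )

# Constructed sample lockfile: the top-level chalk is clean, but a transitive copy
# pulled in by another dependency resolves to the placeholder compromised version.
SAMPLE_LOCK = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "version": "1.0.0"},
        "node_modules/chalk": {"version": "1.0.0"},
        "node_modules/debug-tool": {"version": "2.0.0"},
        "node_modules/debug-tool/node_modules/chalk": {"version": "9.9.9"},
    },
})

if __name__ == "__main__":
    for name, version, path in find_affected(SAMPLE_LOCK):
        print(f"COMPROMISED {name}@{version} at {path}")
```

The nested hit is the case a quick `npm ls chalk` at the top level can hide, which is why the scan walks every lockfile path rather than only direct dependencies.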

© 2025 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.
