Close Menu
  • Home
  • Altcoin
  • Bitcoin
  • Crypto
  • Forex
  • Online Money
What's Hot

op return – What is the justification for allowing multiple OP_RETURN outputs per transaction in Bitcoin Core v30?

October 4, 2025

Highest Lowest MT4 Indicator – ForexMT4Indicators.com

October 4, 2025

Google Search serving issue in some locales

October 4, 2025
Facebook X (Twitter) Instagram
  • Altcoin
  • Bitcoin
  • Crypto
  • Forex
  • Online Money
Facebook X (Twitter) Instagram
Cointelegraphe
  • Home
  • Altcoin
  • Bitcoin
  • Crypto
  • Forex
  • Online Money
Cointelegraphe
Home»Bitcoin»Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads
Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads
Bitcoin

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

adminBy adminSeptember 9, 2025No Comments2 Mins Read
Share
Facebook Twitter LinkedIn Pinterest Email



Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account.

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.

Guillemet did not name the developer whose account he said was compromised.

The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly.

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.

The malicious payload works…

— Charles Guillemet (@P3b7_) September 8, 2025

“NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages.

“The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added.

Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds.

“The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and ensure they match the intended addresses.”

“Hardware wallets without secure screens and any wallet that doesn’t support Clear signing is at high risk as it is impossible to accurately verify the transaction details are correct,” he added.

“It’s an opportunity to remind everyone: always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet said.

Read more: Ledger CTO Addresses Criticism of New Wallet Recovery Service





Source link

attack charles-guillemet CTO Downloads Hack Hitting Ledger NPM SupplyChain Warns
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
admin
  • Website

Related Posts

op return – What is the justification for allowing multiple OP_RETURN outputs per transaction in Bitcoin Core v30?

October 4, 2025

XRP’s Next Rally Predicted To Shock Markets

October 2, 2025

FOMC Rate Cuts Loom As Bitcoin Holds Above $109,500 EMA

October 1, 2025

NYDFS Chief Harris to Leave New York Regulator Next Month

September 30, 2025
Add A Comment
Leave A Reply Cancel Reply

Top Insights

op return – What is the justification for allowing multiple OP_RETURN outputs per transaction in Bitcoin Core v30?

October 4, 2025

Highest Lowest MT4 Indicator – ForexMT4Indicators.com

October 4, 2025

Google Search serving issue in some locales

October 4, 2025

BTC Nears Record Highs as Total Market Cap Peaks at $4.21T

October 4, 2025
ads

Subscribe to Updates

Get the latest creative news from Cointelegraphe about Crypto, bItcoin and Altcoin.

About Us
About Us

At CoinTelegraphe, we are dedicated to bringing you the latest and most insightful news, analysis, and updates from the dynamic world of cryptocurrency. Our mission is to provide our readers with accurate, timely, and comprehensive information to help them navigate the complexities of the crypto market.

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

op return – What is the justification for allowing multiple OP_RETURN outputs per transaction in Bitcoin Core v30?

October 4, 2025

Highest Lowest MT4 Indicator – ForexMT4Indicators.com

October 4, 2025

Google Search serving issue in some locales

October 4, 2025
Get Informed

Subscribe to Updates

Get the latest creative news from Cointelegraphe about Crypto, bItcoin and Altcoin.

Please enable JavaScript in your browser to complete this form.
Loading
  • About us
  • Contact Us
  • Shop
  • Privacy Policy
  • Terms and Conditions
Copyright 2024 Cointelegraphe Design By Horaam Sultan.

Type above and press Enter to search. Press Esc to cancel.