Buy CryptoMarketsSpotFuturesGOLDEarnEvent Centre
More
USD1 Genesis
The post Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads appeared on BitcoinEthereumNews.com. Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he said was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. 🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works… — Charles Guillemet (@P3b7_) September 8, 2025 “NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages. “The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds. “The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and… The post Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads appeared on BitcoinEthereumNews.com. Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he said was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. 🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works… — Charles Guillemet (@P3b7_) September 8, 2025 “NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages. “The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds. “The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and…

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

Author: BitcoinEthereumNews
Source: BitcoinEthereumNews
2025/09/09 15:25
2 min read
NODE
NODE$0.01204-0.08%
Suilend
SEND$0.09004--%
For feedback or concerns regarding this content, please contact us at crypto.news@mexc.com

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account.

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.

Guillemet did not name the developer whose account he said was compromised.

The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly.

“NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages.

“The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added.

Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds.

“The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and ensure they match the intended addresses.”

“Hardware wallets without secure screens and any wallet that doesn’t support Clear signing is at high risk as it is impossible to accurately verify the transaction details are correct,” he added.

“It’s an opportunity to remind everyone: always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet said.

Read more: Ledger CTO Addresses Criticism of New Wallet Recovery Service

Source: https://www.coindesk.com/tech/2025/09/08/ledger-cto-warns-of-npm-supply-chain-attack-hitting-1b-downloads

Market Opportunity
NODE Logo
NODE Price(NODE)
$0.01204
$0.01204$0.01204
-0.16%
USD
NODE (NODE) Live Price Chart
Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact crypto.news@mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.
Tags:
#RWA#On-chain

You May Also Like

Olivia Moore: Media narratives distort public perception of AI, companies must adopt AI to stay competitive, and the future workforce will focus on AI-augmented roles

Olivia Moore: Media narratives distort public perception of AI, companies must adopt AI to stay competitive, and the future workforce will focus on AI-augmented roles

The post Olivia Moore: Media narratives distort public perception of AI, companies must adopt AI to stay competitive, and the future workforce will focus on AI-
Share
BitcoinEthereumNews2026/04/11 10:57
Franklin Templeton CEO Dismisses 50bps Rate Cut Ahead FOMC

Franklin Templeton CEO Dismisses 50bps Rate Cut Ahead FOMC

The post Franklin Templeton CEO Dismisses 50bps Rate Cut Ahead FOMC appeared on BitcoinEthereumNews.com. Franklin Templeton CEO Jenny Johnson has weighed in on whether the Federal Reserve should make a 25 basis points (bps) Fed rate cut or 50 bps cut. This comes ahead of the Fed decision today at today’s FOMC meeting, with the market pricing in a 25 bps cut. Bitcoin and the broader crypto market are currently trading flat ahead of the rate cut decision. Franklin Templeton CEO Weighs In On Potential FOMC Decision In a CNBC interview, Jenny Johnson said that she expects the Fed to make a 25 bps cut today instead of a 50 bps cut. She acknowledged the jobs data, which suggested that the labor market is weakening. However, she noted that this data is backward-looking, indicating that it doesn’t show the current state of the economy. She alluded to the wage growth, which she remarked is an indication of a robust labor market. She added that retail sales are up and that consumers are still spending, despite inflation being sticky at 3%, which makes a case for why the FOMC should opt against a 50-basis-point Fed rate cut. In line with this, the Franklin Templeton CEO said that she would go with a 25 bps rate cut if she were Jerome Powell. She remarked that the Fed still has the October and December FOMC meetings to make further cuts if the incoming data warrants it. Johnson also asserted that the data show a robust economy. However, she noted that there can’t be an argument for no Fed rate cut since Powell already signaled at Jackson Hole that they were likely to lower interest rates at this meeting due to concerns over a weakening labor market. Notably, her comment comes as experts argue for both sides on why the Fed should make a 25 bps cut or…
Share
BitcoinEthereumNews2025/09/18 00:36
Swalwell denies assault claims: ‘They did not happen, they have never happened’

Swalwell denies assault claims: ‘They did not happen, they have never happened’

Rep. Eric Swalwell (D-CA) on Friday night forcefully denied allegations of sexual misconduct and assault, calling the claims that have rocked his gubernatorial
Share
Rawstory2026/04/11 11:53

Trending News

More

Treasury Secretary Bessent Urges Congress to Pass CLARITY Act as Global Crypto Adoption Accelerates

White House Warns Staff as Iran Bets Spark Insider Concerns

Nate Tice: Ravens exploit trade loopholes, Raiders undergo massive roster overhaul, and Falcons’ left-handed strategy could reshape dynamics

Russian investigative journalist placed in pre-trial detention

Presale Data Shows Ozak AI Raising Capital at Nearly 4× the Speed of Comparable AI Crypto Projects

24/7 Live News

More

Bitcoin sentiment remains low despite recovery; potential market volatility highlighted.

Author: shah13:01

Iran accepts Bitcoin for Hormuz passage, creating ~3,600 BTC daily demand from ~130 ships.

Author: Charles 👑10:35

Solana highlighted as a key player for 2023-2024 cycle, potential market attention noted.

Author: borovik10:26

TESLA's self-driving system approved by Dutch regulator, potentially impacting related crypto market sentiment.

Author: Charles 👑10:24

Banks reportedly show increased reliance on XRP, highlighting its evolving role in financial systems.

Author: Ripple Bull Winkle | Crypto Researcher 🚀🚨10:01

Crypto Prices

Bitcoin Logo

Bitcoin

BTC

$72,822.40
$72,822.40$72,822.40

+0.50%

Ethereum Logo

Ethereum

ETH

$2,236.90
$2,236.90$2,236.90

+0.58%

USD1 Logo

USD1

USD1

$0.9990
$0.9990$0.9990

-0.01%

Solana Logo

Solana

SOL

$84.33
$84.33$84.33

+0.13%

XRP Logo

XRP

XRP

$1.3509
$1.3509$1.3509

+0.21%

USD1 Genesis: 0 Fees + 12% APR

USD1 Genesis: 0 Fees + 12% APRUSD1 Genesis: 0 Fees + 12% APR

New users: stake for up to 600% APR. Limited time!