암호화폐 구매시장현물선물GOLD예금이벤트 센터
더보기
USD1 Genesis
The post Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads appeared on BitcoinEthereumNews.com. Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he said was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. 🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works… — Charles Guillemet (@P3b7_) September 8, 2025 “NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages. “The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds. “The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and… The post Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads appeared on BitcoinEthereumNews.com. Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he said was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. 🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works… — Charles Guillemet (@P3b7_) September 8, 2025 “NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages. “The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds. “The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and…

Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads

저자: BitcoinEthereumNews
출처: BitcoinEthereumNews
2025/09/09 15:25
2분 읽기
NODE
NODE$0.01205--%
Suilend
SEND$0.08982-0.36%
이 콘텐츠에 대한 의견이나 우려 사항이 있으시면 crypto.news@mexc.com으로 연락주시기 바랍니다

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account.

According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.

Guillemet did not name the developer whose account he said was compromised.

The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly.

“NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages.

“The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added.

Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds.

“The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and ensure they match the intended addresses.”

“Hardware wallets without secure screens and any wallet that doesn’t support Clear signing is at high risk as it is impossible to accurately verify the transaction details are correct,” he added.

“It’s an opportunity to remind everyone: always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet said.

Read more: Ledger CTO Addresses Criticism of New Wallet Recovery Service

Source: https://www.coindesk.com/tech/2025/09/08/ledger-cto-warns-of-npm-supply-chain-attack-hitting-1b-downloads

시장 기회
NODE 로고
NODE 가격(NODE)
$0.01205
$0.01205$0.01205
-0.08%
USD
NODE (NODE) 실시간 가격 차트
면책 조항: 본 사이트에 재게시된 글들은 공개 플랫폼에서 가져온 것으로 정보 제공 목적으로만 제공됩니다. 이는 반드시 MEXC의 견해를 반영하는 것은 아닙니다. 모든 권리는 원저자에게 있습니다. 제3자의 권리를 침해하는 콘텐츠가 있다고 판단될 경우, crypto.news@mexc.com으로 연락하여 삭제 요청을 해주시기 바랍니다. MEXC는 콘텐츠의 정확성, 완전성 또는 시의적절성에 대해 어떠한 보증도 하지 않으며, 제공된 정보에 기반하여 취해진 어떠한 조치에 대해서도 책임을 지지 않습니다. 본 콘텐츠는 금융, 법률 또는 기타 전문적인 조언을 구성하지 않으며, MEXC의 추천이나 보증으로 간주되어서는 안 됩니다.

추천 콘텐츠

Iran’s Consideration of Cryptocurrencies Sparks New Dynamics for Strait of Hormuz Shipping

Iran’s Consideration of Cryptocurrencies Sparks New Dynamics for Strait of Hormuz Shipping

The post Iran’s Consideration of Cryptocurrencies Sparks New Dynamics for Strait of Hormuz Shipping appeared on BitcoinEthereumNews.com. Following a precarious
공유하기
BitcoinEthereumNews2026/04/11 07:36
François Chollet: AGI progress is accelerating towards 2030, symbolic models will reshape machine learning, and coding agents are revolutionizing automation

François Chollet: AGI progress is accelerating towards 2030, symbolic models will reshape machine learning, and coding agents are revolutionizing automation

The post François Chollet: AGI progress is accelerating towards 2030, symbolic models will reshape machine learning, and coding agents are revolutionizing automation
공유하기
BitcoinEthereumNews2026/04/11 07:40
Nick Pell: Parapsychology struggles for scientific legitimacy, the flawed nature of ESP research, and the Cold War’s influence on psychic programs

Nick Pell: Parapsychology struggles for scientific legitimacy, the flawed nature of ESP research, and the Cold War’s influence on psychic programs

The post Nick Pell: Parapsychology struggles for scientific legitimacy, the flawed nature of ESP research, and the Cold War’s influence on psychic programs appeared
공유하기
BitcoinEthereumNews2026/04/11 07:10

USD1 Genesis: 0 Fees + 12% APR

USD1 Genesis: 0 Fees + 12% APRUSD1 Genesis: 0 Fees + 12% APR

New users: stake for up to 600% APR. Limited time!