The post Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads appeared on BitcoinEthereumNews.com. Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he said was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. 🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works… — Charles Guillemet (@P3b7_) September 8, 2025 “NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages. “The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds. “The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and… The post Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B+ Downloads appeared on BitcoinEthereumNews.com. Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account. According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it. Guillemet did not name the developer whose account he said was compromised. The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly. 🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. The malicious payload works… — Charles Guillemet (@P3b7_) September 8, 2025 “NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages. “The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added. Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then they could be compromised, and crypto users could therefore lose their funds. “The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and…

                                                                               ETHZilla CEO McAndrew Rudisill said the company’s strategy is to deploy Ether on the Ethereum network through layer-2 protocols and tokenizing real-world assets.                     Ether treasury company ETHZilla is looking to raise another $350 million through new convertible bonds, with funds marked for more Ether purchases and generating yield through investments in the ecosystem. ETHZilla chairman and CEO McAndrew Rudisill said on Monday that the company’s strategy is to deploy Ether (ETH) in “cash-flowing assets” on the Ethereum network through layer-2 protocols and tokenizing real-world assets. A growing number of digital asset companies are moving past simply holding crypto and looking to generate yields through active participation in the ecosystem, which crypto executives told Cointelegraph in August, could help spark a DeFi Summer 2.0.Read more