Ledger CTO urges users to check crypto onchain transactions amid supply chain attack

Photo: Packt


A compromised NPM account has spread malicious code that swaps wallet addresses, with analysts urging caution for both hardware and software wallet users.

Ledger CTO Charles Guillemet warned on X of a large-scale supply chain attack after the NPM account of a reputable developer was compromised.

He said malicious packages, downloaded more than 1 billion times, contain code that swaps crypto addresses to steal funds. Guillemet advised hardware wallet users to verify every transaction before signing, stressing that they remain safe if careful.

The Ledger CTO further emphasized that those relying on software wallets face greater risks and should avoid onchain transactions until the situation is resolved. He also warned that the attack could potentially affect all chains.

A Substack report said the author of the compromised account is actively working with the NPM security team to resolve the issue, with most of the malicious code already removed.

Disclosure: This article was edited by Estefano Gomez. For more information on how we create and review content, see our Editorial Policy.
