Ledger CTO urges users to check crypto onchain transactions amid supply chain attack
A compromised NPM account has spread malicious code that swaps wallet addresses, with analysts urging caution for both hardware and software wallet users.

Key Takeaways
- Ledger CTO urged hardware wallet users to verify every transaction amid a large-scale supply chain attack.
- Analysts warned software wallet users to avoid onchain transactions as malicious code spreads through NPM.
Share this article
Ledger CTO Charles Guillemet warned on X of a large-scale supply chain attack after the NPM account of a reputable developer was compromised.
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.
The malicious payload works…
— Charles Guillemet (@P3b7_) September 8, 2025
He said malicious packages, downloaded more than 1 billion times, contain code that swaps crypto addresses to steal funds. Guillemet advised hardware wallet users to verify every transaction before signing, stressing that they remain safe if careful.
Ledger CTO further emphasized that those relying on software wallets face greater risks and should avoid onchain transactions until the situation is resolved. He also warned that the attack could potentially affect all chains.
A Substack report said the author of the compromised account is actively working with the NPM security team to resolve the issue, with most of the malicious code already removed.
Share this article