
What You Should Know
- Charles Guillemet, the CTO of Ledger, warned on X that a supply chain attack is currently in progress, stemming from the compromise of a well-known developer’s NPM account.
- The malware that has infiltrated the packages, which have amassed over 1 billion downloads, is aimed at replacing cryptocurrency wallet addresses in transactions. As a result, users could unintentionally send assets directly to an attacker.
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.
— Charles Guillemet (@P3b7_) September 8, 2025
Guillemet did not disclose the identity of the compromised developer. The incident highlights the vast interconnection within open-source software, demonstrating how lapses in developer tools can rapidly impact the crypto sector.
Guillemet’s Advice
Guillemet emphasized that if any decentralized application or software wallet integrates these JavaScript packages, there is a significant risk of compromise, which could result in substantial losses for crypto users. He strongly recommended using hardware wallets equipped with secure screens to verify transaction addresses accurately, thereby preventing potential fraud.
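To make the "verify the destination" advice concrete, below is an added example (not code from this article, from Ledger, or from any of the affected packages) of a pre-signing check that a software wallet or decentralized application can run: the address the user confirmed out of band is compared, in full, against the `to` field of the transaction about to be signed. It assumes EVM-style 20-byte hex addresses and a caller-supplied `signer` function (both hypothetical here); every address and transaction in it is a constructed sample value.

```javascript
// Added example, not code from the article or from Ledger. It shows a
// pre-signing destination check in the style a software wallet or dApp could
// run: the address the user independently confirmed is compared, in full,
// against the `to` field of the transaction that is about to be signed.
// All addresses and transactions below are constructed sample values.

const EVM_ADDRESS_RE = /^0x[0-9a-fA-F]{40}$/;

// Validate the shape of a 20-byte hex address and normalize case so that the
// comparison is not fooled by mixed-case spelling of the same address.
function normalizeAddress(addr) {
  if (typeof addr !== 'string' || !EVM_ADDRESS_RE.test(addr.trim())) {
    throw new Error(`not a 20-byte hex address: ${String(addr)}`);
  }
  return addr.trim().toLowerCase();
}

// Full-string comparison of the confirmed destination against tx.to.
function verifyDestination(confirmedAddress, tx) {
  const expected = normalizeAddress(confirmedAddress);
  const actual = normalizeAddress(tx.to);
  if (expected !== actual) {
    return {
      ok: false,
      reason: `destination mismatch: confirmed ${expected}, transaction carries ${actual}`,
    };
  }
  return { ok: true, reason: 'destination matches confirmed address' };
}

// Illustrates why glancing at the first and last few characters is not enough:
// two addresses can agree on prefix and suffix yet differ in between.
function sharesPrefixAndSuffix(a, b, n = 4) {
  const x = normalizeAddress(a).slice(2);
  const y = normalizeAddress(b).slice(2);
  return x.slice(0, n) === y.slice(0, n) && x.slice(-n) === y.slice(-n);
}

// Wraps a signer so that signing is refused when the destination check fails.
// `signer` is a hypothetical function (tx) => signature supplied by the caller.
function guardedSign(tx, confirmedAddress, signer) {
  const result = verifyDestination(confirmedAddress, tx);
  if (!result.ok) {
    throw new Error(`refusing to sign: ${result.reason}`);
  }
  return signer(tx);
}

// Constructed sample data: the address the user confirmed out of band, an
// honest transaction, and a transaction whose destination was replaced by a
// lookalike that keeps the same leading and trailing characters.
const CONFIRMED_ADDRESS = '0x1234567890abcdef1234567890abcdef12345678';
const honestTx = { to: CONFIRMED_ADDRESS, value: '1000000000000000000', data: '0x' };
const swappedTx = {
  to: '0x1234DEADBEEFdeadbeefDEADBEEFdeadbeef5678',
  value: '1000000000000000000',
  data: '0x',
};

// Runs the check against both constructed transactions and reports the outcome.
function demo() {
  const fakeSigner = (tx) => `signed(${tx.to})`; // stand-in for a real signer
  const results = {
    honest: verifyDestination(CONFIRMED_ADDRESS, honestTx),
    swapped: verifyDestination(CONFIRMED_ADDRESS, swappedTx),
    lookalike: sharesPrefixAndSuffix(CONFIRMED_ADDRESS, swappedTx.to, 4),
  };
  try {
    guardedSign(swappedTx, CONFIRMED_ADDRESS, fakeSigner);
    results.signedSwapped = true;
  } catch (e) {
    results.signedSwapped = false;
    results.error = e.message;
  }
  return results;
}

console.log(JSON.stringify(demo(), null, 2));
```

The check compares the whole address, because a substituted destination can be chosen to share its first and last characters with the intended one and pass a quick visual glance. A check like this is only as trustworthy as the process it runs in: a malicious dependency loaded into the same JavaScript runtime can tamper with the check itself, which is why the advice above puts the final verification on a hardware wallet's secure screen rather than in software.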
Reminder
“Always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet stated.