According to Guillemet, the malicious code — already pushed into packages with over 1 billion downloads — is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.
By Margaux Nijkerk, AI Boost | Edited by Nikhilesh De
Sep 8, 2025, 7:29 p.m.

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway after the compromise of a reputable developer’s Node Package Manager (NPM) account.
Guillemet did not name the developer whose account he said was compromised.
The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly.
“NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages.
“The malicious code attempts to drain users by swapping addresses used in transaction or general on-chain activity and replacing them with the hacker’s address,” Guillemet added.
Guillemet stressed that any decentralized application or software wallet, on any blockchain, that includes these JavaScript packages could be compromised, and that its users could therefore lose their funds.
“The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and ensure they match the intended addresses.”
“Hardware wallets without secure screens and any wallet that doesn’t support Clear Signing are at high risk, as it is impossible to accurately verify the transaction details are correct,” he added.
“It’s an opportunity to remind everyone: always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet said.
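The check Guillemet describes, done in software as an added example (this is not code from the article or from Ledger): the dapp records the recipient and amount the user actually entered before any third-party dependency touches the transaction, then compares the final transaction object against that record immediately before it is handed to the signer. All function names and the sample addresses are constructed for the example.

```javascript
// Added example: a pre-signing guard that re-checks the transaction a user is
// about to sign against the intent they expressed. A compromised dependency that
// rewrites `to` somewhere in the pipeline shows up here as a mismatch.
const EVM_ADDRESS = /^0x[0-9a-fA-F]{40}$/; // hypothetical: EVM-style 20-byte hex addresses

function normalizeAddress(addr) {
  if (typeof addr !== "string" || !EVM_ADDRESS.test(addr)) {
    throw new Error(`not a well-formed address: ${String(addr)}`);
  }
  return addr.toLowerCase(); // compare case-insensitively, checksum casing aside
}

// Capture the user's intent once, as early as possible, and freeze it so that
// later library code cannot silently mutate the reference copy.
function recordIntent(recipient, valueWei) {
  return Object.freeze({ to: normalizeAddress(recipient), value: BigInt(valueWei) });
}

// Returns a list of human-readable problems; an empty list means the transaction
// matches the recorded intent and may be shown to the user / sent to the signer.
function verifyBeforeSign(intent, tx) {
  const problems = [];
  try {
    const to = normalizeAddress(tx.to);
    if (to !== intent.to) {
      problems.push(`recipient changed: expected ${intent.to}, got ${to}`);
    }
  } catch (e) {
    problems.push(e.message); // missing or malformed `to` is itself a red flag
  }
  let value;
  try {
    value = BigInt(tx.value);
  } catch {
    problems.push(`value not parseable: ${String(tx.value)}`);
  }
  if (value !== undefined && value !== intent.value) {
    problems.push(`value changed: expected ${intent.value}, got ${value}`);
  }
  return problems;
}

// Constructed sample run: the user meant to pay ...0001, the tx was rewritten to ...dead.
const intent = recordIntent("0x0000000000000000000000000000000000000001", "1000");
const tampered = { to: "0x000000000000000000000000000000000000dead", value: "1000" };
console.log(verifyBeforeSign(intent, tampered)); // one "recipient changed" entry
```

A check like this runs in the same JavaScript process as the dependencies it distrusts, which is exactly why the article's point stands: the only comparison the page's malicious code cannot rewrite is the one the user makes on a hardware wallet's secure screen.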
AI Disclaimer: Parts of this article were generated with the assistance from AI tools and reviewed by our editorial team to ensure accuracy and adherence to our standards. For more information, see CoinDesk’s full AI Policy.