Ledger CTO Warns of NPM Supply-Chain Attack Targeting Crypto Transactions

Release Time: 2025-09-08 20:47:02
BTCCSquare news:

Charles Guillemet, chief technology officer at hardware wallet manufacturer Ledger, has alerted the crypto community to a large-scale supply chain attack originating from a compromised Node Package Manager (NPM) account. The malicious code, embedded in packages with over 1 billion downloads, stealthily alters crypto wallet addresses during transactions, redirecting funds to attackers.

The attack vector exploits JavaScript's ubiquitous role in blockchain development. When integrated into decentralized applications or software wallets, the compromised packages pose a cross-chain threat. "This isn't just about stolen credentials—it's about weaponizing trust in open-source infrastructure," Guillemet noted in his disclosure.

While the affected developer remains unnamed, the incident highlights systemic vulnerabilities in crypto's dependency on developer ecosystems. The attack's sophistication—modifying transaction details rather than stealing keys—demonstrates evolving tactics targeting behavioral vulnerabilities rather than cryptographic ones.
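
A defensive check against the address substitution described above, as an added example that is not from Ledger or the original article: before a transaction object reaches the signer, compare its effective recipient with the one the user approved. It assumes EVM-style transactions with hypothetical field names (`to`, `data`, `recipient`, `token`) and constructed sample addresses, and it goes beyond the article by also covering ERC-20 transfers, where the recipient sits in the calldata rather than in `to`.

```javascript
const TRANSFER_SELECTOR = 'a9059cbb'; // ERC-20 transfer(address,uint256)

// Lowercase and strip the 0x prefix so hex strings compare reliably.
function normalize(hex) {
  return String(hex).trim().toLowerCase().replace(/^0x/, '');
}

// Address that actually receives funds: the calldata recipient for an
// ERC-20 transfer, otherwise the transaction's `to` field.
function effectiveRecipient(tx) {
  const data = normalize(tx.data || '');
  if (!data.startsWith(TRANSFER_SELECTOR)) return normalize(tx.to);
  if (data.length < 8 + 64 + 64) throw new Error('truncated transfer calldata');
  const word = data.slice(8, 72); // first 32-byte argument
  if (!/^0{24}[0-9a-f]{40}$/.test(word)) throw new Error('malformed address word');
  return word.slice(24);
}

// intent: what the user approved. tx: object about to reach the signer.
// Field names here are assumptions for this example.
function checkBeforeSigning(intent, tx) {
  const problems = [];
  if (intent.token && normalize(tx.to) !== normalize(intent.token)) {
    problems.push('token contract differs from the one approved');
  }
  try {
    if (effectiveRecipient(tx) !== normalize(intent.recipient)) {
      problems.push('recipient differs from the one approved');
    }
  } catch (err) {
    problems.push(err.message);
  }
  return problems; // empty array: the transaction matches the intent
}

// Constructed sample values, not real addresses.
const APPROVED = '0x' + '11'.repeat(20);
const OTHER = '0x' + '22'.repeat(20);
const TOKEN = '0x' + 'aa'.repeat(20);
const transferData = (to, amountHex) =>
  '0x' + TRANSFER_SELECTOR + normalize(to).padStart(64, '0') + amountHex.padStart(64, '0');

console.log(checkBeforeSigning({ recipient: APPROVED }, { to: APPROVED, data: '0x' }));
console.log(checkBeforeSigning(
  { recipient: APPROVED, token: TOKEN },
  { to: TOKEN, data: transferData(OTHER, '64') }));
```

A check like this runs in the same JavaScript environment as the application's dependencies, so it complements rather than replaces confirming the destination on an independent display such as a hardware wallet screen.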
