- Ledger CTO warns against onchain transactions following NPM compromise.
- Hardware wallet investors are believed safe if transactions are verified.
- Ethereum and Solana are among the chains affected by address-swapping malware.

Ledger CTO Charles Guillemet has issued a warning to halt onchain transactions following a significant NPM supply chain attack that compromises the JavaScript ecosystem and affects cryptocurrencies globally.
The alert highlights potential widespread risks in crypto transactions, impacting software wallets and dApps reliant on contaminated packages, with immediate caution advised for non-hardware wallet users.
A major supply chain attack has been confirmed by Ledger’s CTO. Users are urged to halt onchain crypto transactions after a massive compromise of NPM packages. The attack affects the JavaScript ecosystem significantly.
Prominent figures like Charles Guillemet emphasize caution by urging users to review every transaction. Users without hardware wallets are advised to pause onchain activities until further notice, ensuring safety against potential address-swapping risks.
The attack impacts various crypto wallets and dApps, leading to redirected withdrawals. Users on the Ethereum and Solana chains are highly vulnerable. The effects appear as malware that swaps wallet addresses, a critical threat to online crypto interactions.
Market impacts do not indicate direct institutional losses, though affected assets include most user-controlled tokens handled through specific apps. Regulatory bodies have not yet issued public guidance regarding these events.
The large-scale downloads of the NPM packages expose numerous users. Security advocates advise avoiding dApps for now. Hardware wallets with manual verification provide the strongest defense against potential fund theft.
Long-term effects could influence regulatory stances and technological approaches to security in Web3 ecosystems. Past attacks caused fund losses of limited scale, but they underscore the continuing importance of supply chain vigilance.
“This is a large-scale supply chain attack. The entire JavaScript ecosystem may be affected.” – Charles Guillemet, CTO, Ledger
Disclaimer: The content on The CCPress is provided for informational purposes only and should not be considered financial or investment advice. Cryptocurrency investments carry inherent risks. Please consult a qualified financial advisor before making any investment decisions.