LIVE
PYUSD on Polygon: PayPal Adds Native IssuanceSWIFT Shared Blockchain Ledger Launches With 17 Major BanksSwift Launches Blockchain Ledger for 24/7 Global Payments: ReportEU Officials Plan MiCA Revision to Expand Rules for Non-EU Stablecoin IssuersHyundai Card Completes First Stablecoin-Based Cross-Border Intercompany Payment TestBitcoin Falls Below $62,000 as Selling Pressure BuildsRipple-Backed t54.ai Launches XRP Ledger AI HubCFTC Accuses Fund Manager of Hiding Crypto and Futures Losses Behind Fake Investor ReturnsBNB Chain Plans New Layer 1 Blockchain for Agentic TradingStrike Launches Bitcoin-Backed Loans With No Scheduled LiquidationsPYUSD on Polygon: PayPal Adds Native IssuanceSWIFT Shared Blockchain Ledger Launches With 17 Major BanksSwift Launches Blockchain Ledger for 24/7 Global Payments: ReportEU Officials Plan MiCA Revision to Expand Rules for Non-EU Stablecoin IssuersHyundai Card Completes First Stablecoin-Based Cross-Border Intercompany Payment TestBitcoin Falls Below $62,000 as Selling Pressure BuildsRipple-Backed t54.ai Launches XRP Ledger AI HubCFTC Accuses Fund Manager of Hiding Crypto and Futures Losses Behind Fake Investor ReturnsBNB Chain Plans New Layer 1 Blockchain for Agentic TradingStrike Launches Bitcoin-Backed Loans With No Scheduled Liquidations
Homepage/News/Ledger CTO Urges Halt on Onchain Transactions After NPM Attack
NEWS

Ledger CTO Urges Halt on Onchain Transactions After NPM Attack

BY Solomon M.·2 MIN READ·SEPTEMBER 9, 2025

Ledger CTO Charles Guillemet has issued a warning to halt onchain transactions due to a significant NPM supply chain attack compromising JavaScript ecosystem affecting cryptocurrencies globally.

KEY FINDINGS - EVIDENCE LEVEL: MULTI-SOURCE
1Key sections mapped in this report
0Internal references connected to related coverage
1External source domains cited in the article
2 minEstimated time to read the full report
Key Points:
  • Ledger CTO warns against onchain transactions following NPM compromise.
  • Hardware wallet investors are believed safe if transactions are verified.
  • Ethereum and Solana among affected chains by address-swapping malware.
ledger-cto-urges-halt-on-onchain-transactions-after-npm-attack
Ledger CTO Urges Halt on Onchain Transactions After NPM Attack

The alert highlights potential widespread risks in crypto transactions, impacting software wallets and dApps reliant on contaminated packages, with immediate caution advised for non-hardware wallet users.

A major supply chain attack has been confirmed by Ledger’s CTO. Users are urged to halt onchain crypto transactions after a massive compromise to NPM packages. The attack affects the JavaScript ecosystem significantly.

Prominent figures like Charles Guillemet emphasize caution by urging users to review every transaction. Users without hardware wallets are advised to pause onchain activities until further notice, ensuring safety against potential address-swapping risks.

The attack impacts various crypto wallets and dApps, leading to redirected withdrawals. Users on Ethereum and Solana chains are highly vulnerable. Effects are seen through malware swapping wallet addresses, a critical threat to online crypto interactions.

Market impacts do not indicate direct institutional losses, though affected assets include most user-controlled tokens through specific apps. Regulatory bodies have not yet issued public guidance regarding these events.

Large-scale NPM package downloads expose numerous users. Security advocates advise dApp abstention for now. Hardware wallets with manual verification provide the strongest defense against potential fund theft.

Long-term effects could influence regulatory stances and technological approaches to security in Web3 ecosystems. Historical perspectives show past attacks had limited fund loss scales but underscore the continuing importance of supply chain vigilance.

“This is a large-scale supply chain attack. The entire JavaScript ecosystem may be affected.” – Charles Guillemet, CTO, Ledger
Disclaimer:

The content on The CCPress is provided for informational purposes only and should not be considered financial or investment advice. Cryptocurrency investments carry inherent risks. Please consult a qualified financial advisor before making any investment decisions.

SOURCE TRANSPARENCY
  • External Source - Referenced domain: coindesk.com
  • Byline - Reported by Solomon M.
  • Coverage Desk - Primary editorial category: News
  • Media Asset - Featured image served from the WordPress media library