Benzinga
Murtuza J Merchant

Ledger CTO Warns Of Ongoing NPM Supply Chain Attack, Advises Users To Halt Onchain Transactions

Ledger Chief Technology Officer Charles Guillemet on Monday urged crypto users to take immediate precautions following what appears to be a large-scale supply chain cyberattack targeting the JavaScript ecosystem.

In a post on X, Guillemet explained that the NPM account of a trusted developer was compromised, with malicious code embedded into widely used packages.

These packages have reportedly been downloaded over one billion times, raising concerns that countless applications, including those tied to cryptocurrency, could be vulnerable.

"There's a large-scale supply chain attack in progress," Guillemet said, adding that those using hardware wallets remain safe as long as they carefully verify transactions before signing.

He advised others to temporarily avoid onchain transactions until the situation is under control.

The malicious code works by silently altering crypto addresses, redirecting funds to attackers without user knowledge.

The incident has been described by some developers as potentially "the largest supply chain attack ever."

According to security researchers like @0x_ultra, high-volume libraries such as Chalk and their dependencies, which see billions of weekly downloads, were compromised.

He warned that these corrupted packages could expose private keys.

The package maintainer confirmed the breach, explaining that attackers used phishing emails from a fake npmjs.com domain to seize control of accounts.

While patched versions were released around 15:15 UTC, experts cautioned that frontend applications may still be at risk.

@0xCygaar noted that although NPM disabled the compromised versions, developers who recently ran updates should carefully check their dependencies.
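
One way to carry out that dependency check, as an added example that is not part of the original article or any vendor's tooling: it lists every installed copy of a package recorded in an npm lockfile, including nested copies, and flags those on a denylist. The article names Chalk but gives no version numbers, so the denylist entry and the sample lockfile below are constructed placeholders; take the real affected versions from the official advisory.

```javascript
// Added example: flag denylisted package versions in a parsed npm lockfile.
// The version string below is a PLACEHOLDER, not a real indicator.
const DENYLIST = new Map([["chalk", ["0.0.0-PLACEHOLDER"]]]);

// Return every installed copy recorded in the lockfile.
// lockfileVersion 2/3 use a flat "packages" map keyed by node_modules path;
// lockfileVersion 1 nests installed copies under "dependencies".
function listInstalled(lock) {
  const found = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // "" is the root project itself
    const i = path.lastIndexOf("node_modules/");
    const name = meta.name || (i < 0 ? path : path.slice(i + 13));
    found.push({ name, version: meta.version, where: path });
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const where = trail ? `${trail} > ${name}` : name;
      found.push({ name, version: meta.version, where });
      walk(meta.dependencies, where); // nested (non-hoisted) copies
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return found;
}

// Keep only the copies whose exact version is on the denylist.
function findDenied(lock, denylist = DENYLIST) {
  return listInstalled(lock).filter((p) =>
    (denylist.get(p.name) || []).includes(p.version)
  );
}

// Constructed sample lockfile (not taken from any real project).
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.0-PLACEHOLDER" },
    "node_modules/some-cli/node_modules/chalk": { version: "9.9.9-constructed" },
    "node_modules/@scope/util": { version: "2.0.0" },
  },
};

console.log(findDenied(SAMPLE_LOCK));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findDenied` with a denylist built from the advisory.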

Guillemet stressed once again that hardware wallets with clear-signing features remain secure, while users relying solely on software wallets are most exposed.

The attack resembles past incidents where address-swapping malware redirected funds, echoing techniques linked to North Korean hackers in previous exchange breaches.

Image: Shutterstock
