dApps, Wallets on High Alert After Massive Supply-Chain Attack 

Hackers inject malware into widely used NPM packages, threatening crypto wallets and decentralized apps across multiple chains.


The cryptocurrency community is facing a new major cyber threat, as a large-scale supply-chain attack has been discovered in progress on the Ledger hardware wallet ecosystem.

Ledger Chief Technology Officer Charles Guillemet raised the alarm on Monday, warning that the company’s Node Package Manager (NPM) has been compromised and the entire JavaScript ecosystem may be at risk of hackers stealing users’ digital funds. He also warned that potentially all chains could be affected.

“The malicious payload works by silently swapping crypto addresses on the fly to steal funds. If you use a hardware wallet, pay attention to every transaction before signing and you’re safe. If you don’t use a hardware wallet, refrain from making any on-chain transactions for now,” Guillemet wrote in his X post.

How The Malware Works

Software engineer Jan-David Stärk reports that a major supply-chain attack hit the JavaScript ecosystem after the Node Package Manager (NPM) account of popular developer qix was compromised.

NPM is a large library of reusable code that developers incorporate into apps. When a package is updated with malicious code, it can quickly spread to thousands of apps and websites.

In this case, malicious versions of widely used packages, including chalk, strip-ansi, color-convert, and others, were published. Collectively, these packages are downloaded over a billion times per week.


Source: jdstaerk.substack.com

The injected malware, a crypto-clipper, intercepted network requests to swap wallet addresses with attacker-controlled ones. When wallets like MetaMask were detected, it hijacked active transactions by altering recipient addresses before users signed them.

Although the malicious code has since been removed from most affected packages, compromised versions may remain in dependency trees, the software engineer warns.

Developers are urged to audit projects, lock packages to safe versions, and strengthen supply-chain defenses.
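As an added illustration of the audit step (not code from the article or from any project it mentions), the script below walks an npm lockfile and flags every installed copy of a package, including nested transitive ones, whose version is on a denylist. The denylisted versions and the sample lockfile are placeholders constructed for the demo, because the article does not list the affected versions.

```javascript
// Added example: flag denylisted name@version pairs in an npm lockfile
// (lockfileVersion 2/3, which lists every installed copy under "packages").
// ASSUMPTION: the versions below are placeholders, not the real compromised
// releases; replace them with the versions named in the advisory you track.
const DENYLIST = new Map([
  ["chalk", new Set(["0.0.0-BAD-PLACEHOLDER"])],
  ["strip-ansi", new Set(["0.0.0-BAD-PLACEHOLDER"])],
  ["color-convert", new Set(["0.0.0-BAD-PLACEHOLDER"])],
]);

// Lockfile keys look like "node_modules/a/node_modules/b". The package name is
// whatever follows the last "node_modules/", which keeps "@scope/name" intact.
function packageNameFromPath(path) {
  const marker = "node_modules/";
  const idx = path.lastIndexOf(marker);
  return idx === -1 ? null : path.slice(idx + marker.length);
}

// Returns every installed copy, direct or transitive, that is on the denylist.
function findDenylisted(lockfile, denylist) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const name = entry.name || packageNameFromPath(path); // "name" is set for aliases
    const bad = name ? denylist.get(name) : undefined;
    if (bad && bad.has(entry.version)) {
      hits.push({ name, version: entry.version, path });
    }
  }
  return hits;
}

// Constructed sample lockfile (project name, paths and versions are made up):
// a clean top-level chalk, plus flagged copies nested under other packages.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-dapp", version: "1.0.0" },
    "node_modules/chalk": { version: "1.0.0" },
    "node_modules/some-cli/node_modules/chalk": { version: "0.0.0-BAD-PLACEHOLDER" },
    "node_modules/@demo/ui/node_modules/strip-ansi": { version: "0.0.0-BAD-PLACEHOLDER" },
    "node_modules/color-convert": { version: "1.0.0" },
  },
};

for (const hit of findDenylisted(SAMPLE_LOCK, DENYLIST)) {
  console.log(`FLAGGED ${hit.name}@${hit.version} at ${hit.path}`);
}
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` as the first argument and fill the denylist from the published advisory.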

Impact and Risk

Experts say software wallets and browser-based crypto apps are most at risk, since the malware can run in the code these apps rely on. Hardware wallets, by contrast, remain safer because they display the true destination address on a secure screen, making it harder for attackers to trick users.

However, platforms like MetaMask, Phantom, Uniswap, Morpho, and OKX Wallet confirmed they were unaffected due to internal safeguards and layered defenses.

Despite the scale of the compromise, the financial damage has so far been minimal. Security experts have so far counted losses of less than $50.

Why This Matters

The incident underscores the fragility of software supply chains and shows how a single compromised account can ripple across billions of downloads, even when financial losses are limited.


People Also Ask:

What is a supply chain attack?

A supply chain attack occurs when hackers compromise a trusted software source, like a developer account or package, to spread malicious code to users downstream.

How does the NPM malware work?

The malware, a crypto-clipper, swaps wallet addresses in transactions or hijacks them in browser wallets, stealing funds without users noticing.

Who is at risk?

Software wallets, browser-based crypto apps, and any apps or dApps depending on the compromised NPM packages are vulnerable. Hardware wallets remain safer due to secure verification.

How can developers protect against supply chain attacks?

Developers should audit their dependencies, lock affected packages to safe versions, and enforce strict supply-chain security to prevent malicious code from spreading.

How can users protect themselves from the NPM supply chain attack?

Avoid using software wallets for on-chain transactions until patched, and always verify transaction addresses on hardware wallets before signing.


Author
Simona Ram

Simona Ram is the senior journalist at DailyCoin, focusing on in-depth investigations of the cryptocurrency sector. Simona has minor holdings in Bitcoin.
