Ledger CTO Warns of Large-Scale NPM Supply Chain Attack Targeting Crypto Users

Ledger’s Charles Guillemet cautioned that compromised NPM packages threaten the JavaScript ecosystem, as malicious code swaps cryptocurrency addresses to steal funds despite unaffected hardware wallets.

Fact Check
The statement is overwhelmingly corroborated by numerous independent and credible sources (Sources 3-13), including crypto news outlets like CoinDesk, The Block, and Bitcoinist. These sources explicitly and consistently report that Ledger's CTO, Charles Guillemet, warned of a large-scale supply chain attack originating from a compromised NPM account and targeting crypto users.
Summary

Ledger CTO Charles Guillemet reported a major supply chain attack following the compromise of a well-known developer’s NPM account. Affected packages, downloaded over one billion times, include malicious code designed to alter cryptocurrency addresses and steal funds. Guillemet emphasized that hardware wallet users verifying each transaction remain protected, as Ledger and other clear-signing devices are not impacted. However, he warned software wallet users to temporarily avoid on-chain transactions until the situation is clarified, noting it is still uncertain whether seed phrases are being directly targeted.

Terms & Concepts
  • Supply Chain Attack: A cyberattack targeting the software development or distribution process, injecting malicious code into trusted software packages.
  • NPM (Node Package Manager): A widely used package manager for JavaScript, distributing reusable code modules across the ecosystem.
  • Crypto Address Swapping: A malicious tactic where malware replaces the intended recipient’s cryptocurrency address with the attacker’s, diverting funds.
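The address-swap tactic above, and why an independent confirmation step (the role a clear-signing hardware wallet plays) defeats it, as an added illustration that is not code from the article or from Ledger. The "library" functions and the addresses are constructed placeholders.

```javascript
// Added example: a wallet app imports a transaction builder from a dependency.
// If that dependency is compromised, it can rewrite the recipient before the
// transaction is signed. A verification step that compares what the user
// actually confirmed against what the dependency produced catches the swap.

// Constructed placeholder addresses (not real wallets).
const INTENDED = "0x1111111111111111111111111111111111111111";
const ATTACKER = "0x2222222222222222222222222222222222222222";

// The builder as it should behave: recipient and value pass through unchanged.
function cleanBuildTx(to, valueWei) {
  return { to, value: valueWei };
}

// The same builder after a supply-chain compromise: it silently swaps `to`.
function tamperedBuildTx(to, valueWei) {
  return { to: ATTACKER, value: valueWei };
}

// Independent check, performed outside the dependency's control: compare the
// recipient and amount the user confirmed with the fields about to be signed.
// Hex addresses are compared case-insensitively.
function verifyBeforeSigning(confirmedTo, confirmedValue, tx) {
  const sameTo = tx.to.toLowerCase() === confirmedTo.toLowerCase();
  const sameValue = tx.value === confirmedValue;
  return sameTo && sameValue;
}

// Signing flow: refuse to sign when the built transaction does not match what
// the user confirmed. Returns a result object instead of signing anything.
function sendWith(builder, to, valueWei) {
  const tx = builder(to, valueWei);
  if (!verifyBeforeSigning(to, valueWei, tx)) {
    return { signed: false, reason: `recipient mismatch: expected ${to}, got ${tx.to}` };
  }
  return { signed: true, to: tx.to };
}
```

A software wallet that trusts the builder's output without this comparison would sign the swapped transaction; the check only works because it relies on a value captured from the user, not from the dependency.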