Ledger CTO Warns of Supply Chain Attack, Cautions Against On-Chain Transactions

Highlights
- Ledger CTO issues warning about crypto supply chain attack threat to millions of wallets.
- Malicious NPM updates spread malware that steals and replaces crypto addresses.
- Developers encouraged developer to cease on-chain operation, and inspect HD wallets thoroughly.
The JavaScript ecosystem is under a massive threat following a major supply chain attack. Hence, millions of crypto users and developers are now at risk. With more than a billion of these packages downloaded already, thousands of blockchain wallets and applications could be suffer varying exploits.
Supply Chain Attack Injects Malware Into Core NPM Packages
Ledger CTO Charles Guillemet warned that a compromised Node Package Manager (NPM) account has led to malicious updates in widely used packages, including error-ex, color-convert, and strip-ansi. Security researchers discovered that the injected malware functions as a “crypto-clipper.” It silently hijacks wallet addresses in network requests and replaces them with addresses controlled by the attacker.
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.
The malicious payload works…
— Charles Guillemet (@P3b7_) September 8, 2025
The supply chain attack activates whether or not a crypto wallet is detected. If a wallet such as MetaMask is present, the malware directly intercepts and manipulates transaction requests. It scans data for wallet addresses in Bitcoin, Ethereum, Solana, Tron, Litecoin, and other networks.
These are replaced with similar-looking attacker addresses using a string-matching algorithm. The deception makes it difficult for victims to notice changes. Recently, World Liberty Financial disclosed why it blacklisted 272 wallets, highlighting broader risks facing wallet security.
Developers first spotted the malicious code from the supply chain attack after a cryptic build failure during a pipeline run. Instead of the stable version 1.3.2, their systems installed a newly published 1.3.3 version of error-ex. That release contained heavily obfuscated code, including a suspicious function named checkethereumw. Investigation confirmed it was stealing crypto data and redirecting funds.
Developers Urged to Strengthen Defenses as Supply Chain Threat Widens
Guillemet urged caution. He advised users with hardware wallets to carefully check each transaction before signing. For those without hardware protection, he recommended pausing all on-chain transactions until the threat is resolved. He added that it remains unclear whether attackers can directly steal wallet seed phrases from software wallets.
New revelations, including a report by Arkham about the 127,426 Bitcoin hack on the Lubian mining pool, highlights the possible extent of exploits, including a supply chain attack. Despite mounting fears, Solana’s top DEX-aggregator Jupiter said it is unaffected. The team said Jupiter and Jup Mobile do not use compromised package versions. They added that they’ve reviewed the source code and assured users their products are safe.
Regarding the recent NPM supply-chain attack:
Both Jupiter and Jup Mobile users are completely unaffected by the vulnerability.
We’ve confirmed across the source code that none of the affected package-versions exist in any Jupiter product.
Users are safe ✅ https://t.co/6Gee2mcN97
— Jupiter (🐱, 🐐) (@JupiterExchange) September 8, 2025
- Senators Reaffirm Commitment to Market Structure Bill After Meeting with Coinbase, Ripple
- How the Crypto Market Could React to the Next Fed Meeting on October 29?
- $1.68 Trillion T. Rowe Price Files for First Active Crypto ETF Holding BTC, ETH, SOL, and XRP
- Standard Chartered Predicts Bitcoin Could Drop Below $100K Amid U.S.–China Trade Tensions
- Rising Demand for Verifiable Crypto Ownership Drives Launch of Trezor Safe 7
- XRP Price Classical Pattern Points to a Rebound as XRPR ETF Hits $100M Milestone
- Chainlink Price Eyes $27 Rebound as Whales Accumulate 54M LINK
- Pi Network Price Wedge Signals a Rebound as Key Upgrades Raise Utility Hopes
- Solana Price Eyes $240 Recovery as Gemini Launches SOL-Reward Credit Card
- XRP Price Prediction Amid Evernorth’s $1B XRP Treasury Plan – Can XRP Hit $5?
- Ethereum Price Targets $8K Amid John Bollinger’s ‘W’ Bottom Signal and VanEck Staked ETF Filing