24/7 Cryptocurrency News

Ledger CTO Warns of Supply Chain Attack, Cautions Against On-Chain Transactions

Ledger CTO cautions that there is an NPM supply chain attack on the rampage. He encouraged users to cease risky on-chain transactions.
Published by
Ledger CTO Warns of Supply Chain Attack, Cautions Against On-Chain Transactions

Highlights

  • Ledger CTO issues warning about crypto supply chain attack threat to millions of wallets.
  • Malicious NPM updates spread malware that steals and replaces crypto addresses.
  • Developers encouraged developer to cease on-chain operation, and inspect HD wallets thoroughly.

The JavaScript ecosystem is under a massive threat following a major supply chain attack. Hence, millions of crypto users and developers are now at risk. With more than a billion of these packages downloaded already, thousands of blockchain wallets and applications could be suffer varying exploits.

Advertisement

Supply Chain Attack Injects Malware Into Core NPM Packages

Ledger CTO Charles Guillemet warned that a compromised Node Package Manager (NPM) account has led to malicious updates in widely used packages, including error-ex, color-convert, and strip-ansi. Security researchers discovered that the injected malware functions as a “crypto-clipper.” It silently hijacks wallet addresses in network requests and replaces them with addresses controlled by the attacker.


The supply chain attack activates whether or not a crypto wallet is detected. If a wallet such as MetaMask is present, the malware directly intercepts and manipulates transaction requests.  It scans data for wallet addresses in Bitcoin, Ethereum, Solana, Tron, Litecoin, and other networks.

These are replaced with similar-looking attacker addresses using a string-matching algorithm. The deception makes it difficult for victims to notice changes. Recently, World Liberty Financial disclosed why it blacklisted 272 wallets, highlighting broader risks facing wallet security.

Developers first spotted the malicious code from the supply chain attack after a cryptic build failure during a pipeline run. Instead of the stable version 1.3.2, their systems installed a newly published 1.3.3 version of error-ex. That release contained heavily obfuscated code, including a suspicious function named checkethereumw. Investigation confirmed it was stealing crypto data and redirecting funds.

Advertisement

Developers Urged to Strengthen Defenses as Supply Chain Threat Widens

Guillemet urged caution. He advised users with hardware wallets to carefully check each transaction before signing. For those without hardware protection, he recommended pausing all on-chain transactions until the threat is resolved. He added that it remains unclear whether attackers can directly steal wallet seed phrases from software wallets.

New revelations, including a report by Arkham about the 127,426 Bitcoin hack on the Lubian mining pool, highlights the possible extent of exploits, including a supply chain attack. Despite mounting fears, Solana’s top DEX-aggregator Jupiter said it is unaffected. The team said Jupiter and Jup Mobile do not use compromised package versions. They added that they’ve reviewed the source code and assured users their products are safe.

Advertisement

Share
Paul

Paul Adedoyin is a crypto journalist with 4+ years experience who provides timely news, in-depth research, and insightful content to inform and empower his audience. His works have been featured on sites such as CryptoMode, CryptoNewsFlash among others. He holds a degree in Geophysics from OAU, Nigeria. When he's not writing, he loves watching soccer and reading educative journals. He can be reached via paul@coingape.com

Published by
Why trust CoinGape: CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights to our readers. Our journalists and analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Investment disclaimer: The content reflects the author’s personal views and current market conditions. Please conduct your own research before investing in cryptocurrencies, as neither the author nor the publication is responsible for any financial losses.
Ad Disclosure: This site may feature sponsored content and affiliate links. All advertisements are clearly labeled, and ad partners have no influence over our editorial content.

Recent Posts

  • 24/7 Cryptocurrency News

XRP Ledger Rolls Out MPT Standard for Real-World Asset Tokenization

The XRP Ledger (XRPL) has launched the Multi-Purpose Token (MPT) standard, designed to simplify and…

October 1, 2025
  • 24/7 Cryptocurrency News

SEC Puts Crypto ETF Approvals On Hold Following U.S. Government Shutdown

The U.S. Securities and Exchange Commission has announced plans to streamline its operations amid the…

October 1, 2025
  • 24/7 Cryptocurrency News

Pi Network Adds DEX and AMM Features To Expand Pi Coin’s Utility

Pi Network has now added two new features to its Testnet. These are a decentralized…

October 1, 2025
  • 24/7 Cryptocurrency News

October Fed Rate Cut Odds Rise After Weak U.S. Labor Data, Bitcoin Surges

U.S. private payrolls unexpectedly fell in September, raising market bets that the Federal Reserve will…

October 1, 2025
  • 24/7 Cryptocurrency News

Hashdex Adds Cardano to Crypto Index Fund as ADA Gains SEC Listing Eligibility

Asset manager Hashdex has officially included Cardano in its Nasdaq Crypto Index U.S. ETF. This…

October 1, 2025
  • Bitcoin News

U.S. Treasury To Ease Tax Rule on Unrealized Bitcoin Gains, Aiding Saylor’s Strategy

The U.S. Treasury and IRS have released an interim guidance, which highlights plans to ease…

October 1, 2025