“Avoid On-Chain Transactions”: Ledger CTO Issues Urgent Warning After JavaScript Attack

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology officer, Charles Guillemet, who advised users without hardware wallets to avoid on-chain transactions until further notice.

On September 8, hackers compromised the npm account of Josh Goldberg, a well-known open-source maintainer known as “Qix,” publishing malicious updates to 18 widely used packages, including chalk, debug, strip-ansi, and color-convert. These utilities underpin much of the modern web and collectively account for more than 2.6 billion weekly downloads, according to npm statistics.

Researchers Uncover Crypto-Clipper Malware Hidden in Popular npm Libraries

Security researchers quickly found that the new versions contained a “crypto-clipper” malware. The payload works by intercepting browser functions and swapping out legitimate cryptocurrency wallet addresses with attacker-controlled ones. In some cases, the malware actively hijacks wallet communications, modifying transactions before they are signed.

The attack was first uncovered after a build error exposed obfuscated code hidden in one of the updated packages. Analysis showed that the malware employed a two-pronged strategy: passively replacing wallet addresses using sophisticated algorithms to mimic the look of real ones and actively intercepting transactions from browser-based wallets like MetaMask to redirect funds.

The scale of the attack is unprecedented. Packages such as chalk are downloaded nearly 300 million times a week, while debug sees around 358 million weekly downloads. Collectively, the targeted libraries are embedded deep within the dependency trees of tools like Babel, ESLint, and countless other projects, raising concerns that the fallout could affect developers and users worldwide.
In a post on X, Ledger CTO Charles Guillemet described the incident as a “large-scale supply chain attack” and warned that the malicious payload had already reached billions of downloads. “If you use a hardware wallet, pay attention to every transaction before signing and you’re safe,” he wrote. “If you don’t use a hardware wallet, refrain from making any on-chain transactions for now.” Guillemet added that it was still unclear whether the attackers were also attempting to steal wallet seed phrases.

The attackers reportedly gained access through a phishing campaign that targeted npm maintainers with emails impersonating the platform’s support team. The fraudulent messages claimed that accounts would be locked unless two-factor authentication credentials were updated by September 10. Clicking the link redirected victims to a fake login page designed to steal credentials. Once in control of Goldberg’s account, the attackers pushed malicious versions of core packages used across millions of applications.

Aikido Security, which analyzed the attack, said the injected code functioned as a browser-based interceptor capable of altering website content, tampering with API calls, and rewriting payment destinations without alerting users.

npm has since removed many of the compromised versions, but security experts warn that transitive dependencies make it difficult to ensure complete protection. Developers are being urged to immediately audit their projects, pin safe versions of dependencies, and rebuild lockfiles.

The attack shows the fragility of the open-source ecosystem, which relies heavily on trust between maintainers and developers. With billions of downloads affected and active wallet addresses linked to stolen funds already surfacing on-chain, researchers are describing the incident as one of the most severe supply chain compromises in the JavaScript ecosystem’s history.
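An added example, not code from the article or from npm: one way to carry out the audit step on a `package-lock.json` (lockfile version 2 or 3), listing every installed copy of the packages named above, including copies nested under other dependencies. The article does not list the compromised version numbers, so the denylist and the sample lockfile below are constructed placeholders.

```javascript
// Packages named in the article; extend with the full advisory list.
const WATCHLIST = ["chalk", "debug", "strip-ansi", "color-convert"];

// Package name from a lockfile key such as
// "node_modules/eslint/node_modules/chalk" or "node_modules/@scope/pkg".
function nameFromKey(key) {
  const marker = "node_modules/";
  const i = key.lastIndexOf(marker);
  return i === -1 ? null : key.slice(i + marker.length);
}

// Return every installed copy of a watched package with its lockfile path.
// `nested` is true when the copy sits under another dependency.
function findInstances(lock, watchlist = WATCHLIST) {
  const hits = [];
  for (const [key, meta] of Object.entries(lock.packages || {})) {
    if (key === "") continue; // "" is the root project itself
    const name = nameFromKey(key);
    if (watchlist.includes(name)) {
      hits.push({ name, version: meta.version, path: key,
                  nested: key !== "node_modules/" + name });
    }
  }
  return hits;
}

// denylist: { packageName: [versions] }, copied from the registry advisory.
function flagCompromised(hits, denylist) {
  return hits.filter(h => (denylist[h.name] || []).includes(h.version));
}

// Constructed sample lockfile; all versions are placeholders, not real releases.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.1-placeholder" },
    "node_modules/eslint": { version: "0.0.2-placeholder" },
    "node_modules/eslint/node_modules/debug": { version: "0.0.9-bad-placeholder" },
    "node_modules/example-lib": { version: "0.0.3-placeholder" },
  },
};
const SAMPLE_DENYLIST = { debug: ["0.0.9-bad-placeholder"] };

for (const h of flagCompromised(findInstances(SAMPLE_LOCK), SAMPLE_DENYLIST)) {
  console.log(`${h.name}@${h.version} at ${h.path} (nested: ${h.nested})`);
}
```

For a real project, replace `SAMPLE_LOCK` with the parsed contents of the project's own lockfile and fill the denylist from the published advisory.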
Crypto Hacks Surge Past $3B in 2025 as Phishing and Laundering Tactics Escalate

The crypto sector is facing its most severe security crisis yet, with hackers stealing over $3 billion across 119 incidents in the first half of 2025, according to new data from blockchain analytics firm Global Ledger. The figure is one and a half times greater than total losses in 2024, placing the industry on track to break annual records.

The report shows the speed of these attacks as a new threat. In some cases, stolen funds were moved within four seconds of an exploit, far faster than most exchange alert systems. Nearly 70% of hacks saw funds moved before the breach became public, while one in four had assets fully laundered before any statement or alert was issued. On average, it takes 37 hours for an incident to be publicly reported, leaving investigators trailing attackers who often cash out within minutes. Only 4.2% of stolen assets, around $126 million, were recovered in the first six months of the year.

Recent incidents underline the scale of the problem. In July, hackers infiltrated Brazil’s national payment system through provider C&M Software, stealing about $180 million from reserve accounts and quickly routing funds through crypto exchanges. In June, hardware wallet maker Trezor warned of a phishing exploit that abused its customer support system to send fake emails requesting wallet backups. Around the same time, CoinMarketCap and Cointelegraph suffered front-end compromises that pushed phishing pop-ups and fake airdrop promotions to users.

Despite the surge in attacks, bug bounty programs continue to show promise. Platforms like Immunefi report more than $120 million in payouts to white-hat hackers, preventing an estimated $25 billion in potential losses. But with laundering times now measured in seconds, analysts warn the industry’s defenses are struggling to keep pace.
2025/09/09 04:09
Jailed In The US, But Do Kwon Faces New Troubles In Singapore

Do Kwon, founder of Terraform Labs, lost a legal battle regarding a luxury apartment in Singapore. He tried to reclaim $14 million in payments, which were forfeited when the purchase deal fell apart in 2023. This defeat represents another setback for the embattled founder, although it's hardly his most dire legal challenge. Still, this $14 million could've helped rebuild his finances or mitigate incoming fines.

Do Kwon's Singapore Lawsuit

The Terraform Labs founder has been through a lot of trouble since his company collapsed in 2022. Although he initially pled innocent to US fraud charges, he agreed to a deal with prosecutors less than a month ago. Now, Do Kwon is facing another setback, involving a property in Singapore and an ensuing lawsuit:

"Kwon had set his sights on the Sculptura Ardmore unit valued at [$30] million five months before the collapse of his cryptocurrencies TerraUSD and Luna in 2022. He had selected a 7,600 square foot duplex four-bedroom penthouse on the 19th floor of the development, one of only three penthouses in the project," local outlets claimed, paraphrasing original court documents.

Specifically, Do Kwon paid approximately half the price of this Singapore apartment, but the deal started to sour in 2023. Despite attempts to keep the contract open or continue renting the property past the sale deadline, both Kwon and his wife vacated by that July. Subsequently, the developer reclaimed the apartment and sold it to another buyer.

This led Do Kwon to take a lawsuit to Singapore's high court, attempting to recover his lost $14 million investment. The developer, in turn, pressed his own claims, demanding an additional month's rent and repair costs; Do Kwon apparently began substantial renovations.

A Series of Defeats

In any case, neither party was fully satisfied.
2025/09/09 04:06
Bitcoin climbs above $112K, but derivatives data show traders remain cautious

Bitcoin derivatives markets showed persistent caution, with sentiment influenced by BTC spot ETF outflows and Strategy not being included in the S&P 500 index.
2025/09/09 04:05
Solana Rally in Sight? Traders Eye Breakout That Could Push SOL Toward $250

2025/09/09 04:05
Ledger CTO Warns of Supply Chain Attack, Cautions Against On-Chain Transactions

Read the full article at coingape.com.
2025/09/09 04:04
Trump Promises New Guidance On Preserving ‘Right To Prayer’ In Public Schools

President Donald Trump said Monday the Department of Education would issue new guidance enhancing protections for students who want to pray in public schools, though it's unclear what the new policy will entail. Trump made the announcement while delivering remarks at a meeting of his administration's Religious Liberty Commission at the Museum of the Bible. Trump's first administration instituted a similar policy declaring that schools that suppressed students' right to prayer could lose federal funding—though the policy did not change existing law that prohibits public schools from sponsoring prayer or religious activity.
2025/09/09 04:04
Solana surpasses Ethereum in DEX volumes

In recent months, DEXs on Solana have recorded cumulative volumes exceeding those of Ethereum, while most addresses remain active for less than a day, according to on-chain dashboards and industry analyses available on DefiLlama and Dune and in reports from financial outlets like CoinDesk (data updated as of September 7, 2025).

Record volumes and minimal costs have driven activity on Solana to its peak, consolidating its lead over Ethereum in DEX volume during several recent time frames. At the same time, data on address churn highlight a structural friction: a hyper-transient user base, with rapid cycles and low medium-term retention. In this context, here are the numbers, method, and possible implications.

According to the data collected by our research team, aggregated from on-chain dashboards and verified on public sources as of September 7, 2025, the DEX volume peaks on Solana have occurred over several consecutive months in 2025. Industry analysts note that the dynamic is largely driven by very low fees and algorithmic activity (market makers and bots), rather than by a proportional increase in recurring users.

Why Volumes Are Exploding on Solana

The combination of high throughput, low fees, and quick finality facilitates high-frequency trading and a very high number of transactions per user. Transaction fees average on the order of a few cents (often < $0.01 on Solana's L2), while on Ethereum L1 the fees are significantly higher. Near-instant finality and extensive network capacity create an ideal environment for market makers, bots, and high-turnover strategies. Result: DEX volume spikes which, while indicating strong trading activity, might reflect a less solid user base.

Analysis and data on platforms like DefiLlama and Artemis highlight periods when monthly DEX volumes on Solana have surpassed those of Ethereum.
2025/09/09 04:03
Crypto Asset Manager CoinShares in U.S. SPAC Deal

CoinShares, one of Europe's largest digital asset managers, is heading to Wall Street. The company announced Monday that it will go public in the United States through a $1.2 billion merger with Vine Hill Capital Investment Corp (VCIC), a Nasdaq-listed SPAC. The deal shifts CoinShares' listing from Stockholm to New York, opening access to U.S. capital markets and investors.

The firm manages about $10 billion in assets, including a suite of 32 crypto exchange-traded products (ETPs) covering bitcoin, ether, solana and other tokens. CoinShares ranks as the fourth-largest global provider of digital asset ETPs, behind BlackRock, Grayscale and Fidelity, and holds a 34% share of the European, Middle Eastern and African market.

Chief Executive Jean-Marie Mognetti said the move reflects a turning point for digital assets as U.S. regulation provides more clarity. "The case for digital assets as an investment class has reached a decisive inflection point," he said. "A U.S. listing will reinforce our credibility and expand our reach."

For U.S. investors, the transaction could mean greater access to crypto-linked products from a manager that has grown assets more than 200% over the last two years. CoinShares reported a 76% adjusted EBITDA margin in the first half of 2025, signaling strong profitability compared with peers. The deal, approved by both companies' boards, is expected to close by the end of 2025 pending regulatory and shareholder approvals. If completed, CoinShares will trade on Nasdaq under a new parent company, Odysseus Holdings Limited.
2025/09/09 04:02
Breaking: SwissBorg Crypto Platform Hacked for Over $41M Amid Massive Supply Chain Attack

Crypto asset holders are under siege today as on-chain sleuths reported the largest supply chain attack potentially affecting all blockchains. Charles Guillemet, the CTO at Ledger, announced the massive supply chain attack, which has been in progress and is likely still in effect. Guillemet noted that the npm account of a reputable developer has been compromised.
2025/09/09 04:00
Strategy’s Michael Saylor Breaks Into Bloomberg’s Billionaire Rankings

MicroStrategy (now Strategy) co-founder Michael Saylor has made his first entry on the Bloomberg Billionaires Index, joining the list with an estimated net worth of $7.37 billion and taking the 491st spot. Reports have disclosed that his wealth rose by about $1 billion.
2025/09/09 04:00
