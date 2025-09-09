Ledger CTO Warns Crypto Users at Risk from Billion-Download NPM Hack

Key Takeaways In the latest NPM hack, attackers inject crypto-stealing malware into core NPM libraries. The malware silently intercepts web and wallet activity, cleverly swapping or hijacking victims' crypto addresses using advanced string similarity algorithms. Ledger CTO Charles Guillemet warns that crypto users are especially vulnerable. Crypto's latest security shock, the NPM hack, arrived courtesy of a single phishing email, which compromised a reputable developer's NPM account. It has turned some of the most popular JavaScript libraries into silent crypto siphons practically overnight. Ledger CTO Charles Guillemet immediately took to X to warn crypto users to be vigilant. The NPM Hack: What Happened? NPM tools are packages that are woven into the heart of the internet, downloaded billions of times every year. If you're building a wallet app, a crypto portfolio tracker, or even just a slick front end, odds are they're somewhere in your software stack. And for the millions who rely on these libraries through DeFi platforms, exchanges, and even hardware wallet integrations, this breach is about as close to "everywhere" as software vulnerabilities get. So what happened in this NPM hack? It's a story that feels as old as time. A reputable NPM maintainer fell victim to a targeted phishing campaign. Hackers tricked the developer into handing over two-factor authentication details via a fake NPM support email. Then, the bad actors used those credentials to push new, malicious versions of some of the ecosystem's most widely used packages. From the outside, everything looked normal, with the same trusted packages and expected functionality. However, under the hood, it was a different story. These poisoned updates contain malware so sly it can read, rewrite, and reroute crypto transactions in real-time. A Closer Look into the Hack The code works by quietly monitoring wallet activity like browser-based requests, wallet app…