ExchangeDEX+

Buy Crypto Markets Spot FuturesBTC Earn Event Center

A significant supply chain attack has raised alarms within the cryptocurrency community, especially after the Node Package Manager (NPM) account of developer Qix was compromised. Charles Guilletment, the Chief Technology Officer of Ledger, a hardware wallet provider, issued a stark warning to crypto investors in a recent post on social media platform X (formerly Twitter). […]A significant supply chain attack has raised alarms within the cryptocurrency community, especially after the Node Package Manager (NPM) account of developer Qix was compromised. Charles Guilletment, the Chief Technology Officer of Ledger, a hardware wallet provider, issued a stark warning to crypto investors in a recent post on social media platform X (formerly Twitter). […]

Ledger CTO Warns Of Crypto Clipper Malware Following Major NPM Breach

2025/09/09 02:55

A significant supply chain attack has raised alarms within the cryptocurrency community, especially after the Node Package Manager (NPM) account of developer Qix was compromised.

Charles Guilletment, the Chief Technology Officer of Ledger, a hardware wallet provider, issued a stark warning to crypto investors in a recent post on social media platform X (formerly Twitter).

He highlighted the potential risks associated with this breach, noting that the affected packages have been downloaded over a billion times, putting the entire JavaScript ecosystem in jeopardy.

Crypto Clipper Malware Discovered

According to an investigative report on the matter, the malicious code introduced in this attack functions as a “crypto-clipper,” a type of malware designed to intercept and alter cryptocurrency transactions.

The malicious code is said to operate by silently swapping wallet addresses in network requests, effectively redirecting funds from legitimate wallets to those controlled by the attacker.

For users of hardware wallets, Guilletment advised that careful attention should be paid to every transaction before signing. In contrast, he urged individuals who do not utilize hardware wallets to refrain from any on-chain transactions until the situation is fully resolved.

In light of the breach, a crypto expert has confirmed that they are collaborating with the NPM security team to address the issue. While the malicious code has been removed from most of the compromised packages, the situation remains fluid.

Urgent Security Measures

The supply chain attack specifically involved the developer known as Qix, leading to the publication of malicious versions of numerous high-impact packages. With the combined weekly downloads of these affected packages surpassing one billion, the potential impact on the JavaScript ecosystem is substantial.

To mitigate risks, Guilletment emphasized the importance of auditing project dependencies immediately. Developers are encouraged to pin all affected packages to their last known safe versions using the overrides feature in their package.json files.

Featured image from DALL-E, chart from TradingView.com

Market Opportunity

NODE Price(NODE)

$0.01488

$0.01488$0.01488

-0.26%

USD

NODE (NODE) Live Price Chart

Disclaimer: The articles reposted on this site are sourced from public platforms and are provided for informational purposes only. They do not necessarily reflect the views of MEXC. All rights remain with the original authors. If you believe any content infringes on third-party rights, please contact service@support.mexc.com for removal. MEXC makes no guarantees regarding the accuracy, completeness, or timeliness of the content and is not responsible for any actions taken based on the information provided. The content does not constitute financial, legal, or other professional advice, nor should it be considered a recommendation or endorsement by MEXC.