NPM Hack Puts 1 Billion Crypto Wallets At Risk As Ledger CTO Urges Users To Halt Transactions
An NPM (Node Package Manager) supply chain attack has prompted Ledger Chief Technology Officer Charles Guillemet to urge crypto users to pause on-chain transactions. “There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised,” Guillemet wrote on X. “The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.” His recommendation to not perform any on-chain transactions was mainly targeted at crypto community members who don’t use a hardware wallet. However, he did caution anyone who does use a hardware wallet to “pay attention to every transaction before signing” in order to stay safe. Guilleme is one of many crypto developers that has issued the warning. According to GCr’s 0x_ultra, “Chalk and projects with it as a dependency (2 billion+ weekly downloads) have been pwned.” Develo...