NPM Supply Chain Attack Shocks the Crypto World, What to Do?
Jakarta, Pintu News ā The recent massive attack on the NPM supply chain has shaken the crypto industry. Charles Guillemet, Chief Technology Officer of Ledger, issued a strong warning to users to stop on-chain transactions temporarily. The attack took advantage of security holes in the software distribution process, rather than individual users. Read in this article!
Introduction to Supply Chain Attack
Supply chain attacks occur when cybercriminals target the software distribution process. In this case, the NPM account of a trusted developer, known as āqixā, was hacked. The hackers managed to insert malicious code that automatically switched crypto addresses, so that transactions that should have been sent to recipients ended up in the hands of the attackers instead.
This attack is similar to the tactics used by North Korean hackers who managed to steal $1.5 billion from the Bybit crypto exchange. Crypto developers were quick to identify the attack. A Twitter user by the name of @0x_ultra reported that packages like Chalk, which is downloaded more than 2 billion times per week, had been compromised and could potentially steal private keys.
Read also: VanEck and Hyperliquidās Strategic Collaboration: Opening New Opportunities in the DeFi World!
Detection and Response to Attacks
According to Crypto Times, affected developers have verified the attack, revealing that they received a phishing email posing as NPM.
The email threatened to lock the maintainersā accounts if they did not visit the suspicious website. However, as of the time of this report, the amount stolen by the attackers has only reached $498.
The compromised packages were fixed around 15:15 UTC. However, applications and websites that have recently updated their dependencies may still be at risk. Developers are advised to verify all dependencies and ensure that they are not using compromised versions.
Also read: New Digital Wallet from Litecoin and AmericanFortress: Privacy for Users?
Prevention and Safety Measures
Charles Guillemet emphasized that users using hard wallets with clear signing features are still safe. Uniswap, Metamask, Ledger, OKX Wallet, Sui, Aave, and Morpho have stated that they are āunaffectedā by this NPM supply chain attack. It is important for users to remain vigilant and keep up with the latest developments.
Those affected should take immediate action to secure their assets and avoid making transactions until there is further clarity. This attack is a reminder of the increasing risks in the software ecosystem and the importance of security in crypto transactions.
Thatās the latest information about crypto. Follow us on Google News to get the latest crypto news about crypto projects and blockchain technology. Also, learn crypto from scratch with complete discussion through Pintu Academy and stay up-to-date with the latest crypto market such as bitcoin price today, xrp coin price today, dogecoin and other crypto asset prices through Pintu Market.
Enjoy an easy and secure crypto trading experience by downloading Pintu crypto app through Google Play Store or App Store now. Also, get a web trading experience with various advanced trading tools such as pro charting, various types of order types, and portfolio tracker only at Pintu Pro.
*Disclaimer
This content aims to enrich readersā information. Pintu collects this information from various relevant sources and is not influenced by outside parties. Note that an assetās past performance does not determine its projected future performance. Crypto trading activities have high risk and volatility, always do your own research and use cold cash before investing. All activities of buying and selling bitcoin and other crypto asset investments are the responsibility of the reader.
Reference
- Crypto Times. Ledger CTO Warns Users Amid Massive NPM Supply Chain Attack. Accessed on September 10, 2025
- Featured Image:
