Ethereum News Today: "1 Billion Downloads Compromised: How a Phishing Attack Hijacked Crypto Transactions"
Ledger CTO Charles Guillemet has issued a warning to cryptocurrency users, urging them to temporarily halt onchain transactions due to a major supply chain attack involving the compromise of a reputable developer's Node Package Manager (NPM) account. The malicious code has been injected into packages that have already been downloaded over 1 billion times, potentially putting the entire JavaScript ecosystem at risk [1]. The attack involves the silent swapping of cryptocurrency addresses in transactions, redirecting funds to the attacker without the user's knowledge [6].
The compromised code was reportedly introduced through a phishing campaign that targeted the developer's account. The malicious payloads embedded in the packages are designed to intercept and alter transactions, especially those involving Ethereum and other blockchain platforms. The attack has raised concerns because of the sheer scale of package downloads and the critical role that NPM plays in the JavaScript development ecosystem [6].
According to Guillemet, hardware wallet users are advised to verify every transaction before signing, as the clear signing feature on these devices can prevent such address swaps. He emphasized that users of non-secure wallets are at a higher risk of falling victim to the attack [1]. Other developers and researchers have echoed these concerns, noting that the affected packages are dependencies for numerous applications and platforms [6]. The compromised code may have already impacted a large number of users, given the high download counts of the affected packages [1].
In response to the incident, NPM reportedly disabled the compromised versions of these packages to prevent further distribution of the malicious code. However, concerns remain that some users who performed an "npm update" in the last few hours may still be at risk. Developers are being advised to review their project dependencies to ensure they are not using any of the compromised packages [1]. The incident highlights the vulnerabilities that can exist in the open-source software ecosystem, particularly when widely used packages are compromised [6].
Security experts have pointed out that the attack represents one of the largest supply chain breaches in history, with potential implications for the broader cryptocurrency and software development communities. The attack underscores the interconnected nature of modern software development and how a single compromised dependency can have widespread consequences. In light of this, organizations and developers are being urged to adopt more rigorous verification processes for dependencies and to implement proactive security measures, such as software composition analysis tools and real-time monitoring of package repositories [6].
The incident also coincides with broader discussions on software supply chain security, with new tools and best practices being developed to address the growing threat landscape. One such initiative is the introduction of the NPM Package Cooldown Check, a GitHub feature designed to block newly released, potentially compromised dependencies for a configurable period, allowing time for the community to vet and flag potential threats. This approach aims to reduce the risk of adopting malicious packages by introducing a short waiting period before new dependencies are integrated into projects [4].
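The two defensive steps the article describes, reviewing a project's installed dependencies for compromised versions and applying a cooldown window to freshly published versions, can be combined in one lockfile audit. The following is an added example, not code from the article, from Ledger, or from the StepSecurity/GitHub cooldown check; the package names, versions, publish dates and deny list are constructed placeholders, and the registry "time" map stands in for what the npm registry's package metadata endpoint returns.

```javascript
// Audit a package-lock.json (lockfileVersion 2/3 "packages" map) for
// (a) versions on a deny list and (b) versions published more recently
// than a cooldown window. All data below is constructed for illustration.

// Constructed lockfile fragment in the shape npm writes for lockfileVersion 2/3.
const LOCKFILE = {
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/example-color-lib": { version: "4.1.3" },
    "node_modules/example-utils": { version: "2.0.0" },
    "node_modules/example-stable": { version: "7.2.0" },
  },
};

// Constructed stand-in for the registry's "time" field
// (GET https://registry.npmjs.org/<name> returns {"time": {"<version>": "<ISO date>", ...}}).
const REGISTRY_TIME = {
  "example-color-lib": { "4.1.2": "2025-06-01T10:00:00.000Z", "4.1.3": "2025-09-08T13:30:00.000Z" },
  "example-utils": { "2.0.0": "2025-09-08T14:05:00.000Z" },
  "example-stable": { "7.2.0": "2025-03-15T08:00:00.000Z" },
};

// Constructed deny list of package@version pairs treated as compromised (placeholder).
const DENY_LIST = new Set(["example-utils@2.0.0"]);

// Returns [{name, version, reasons}] for every installed package that is either
// deny-listed or was published less than cooldownDays before `now`.
function auditLockfile(lockfile, registryTime, denyList, cooldownDays, now) {
  const cutoff = now.getTime() - cooldownDays * 86400 * 1000;
  const findings = [];
  for (const [path, entry] of Object.entries(lockfile.packages)) {
    if (path === "") continue; // root project entry, not a dependency
    // Handles nested and scoped paths: ".../node_modules/@scope/name" -> "@scope/name".
    const name = path.slice(path.lastIndexOf("node_modules/") + "node_modules/".length);
    const reasons = [];
    if (denyList.has(`${name}@${entry.version}`)) reasons.push("deny-listed");
    const published = registryTime[name]?.[entry.version];
    if (published === undefined) reasons.push("no publish date"); // unknown age: surface it
    else if (Date.parse(published) > cutoff) reasons.push(`published ${published}, inside ${cooldownDays}-day cooldown`);
    if (reasons.length) findings.push({ name, version: entry.version, reasons });
  }
  return findings;
}

console.log(JSON.stringify(auditLockfile(LOCKFILE, REGISTRY_TIME, DENY_LIST, 2, new Date("2025-09-09T12:00:00Z")), null, 2));
```

Packages with no publish date are reported rather than silently passed, since an unknown age is itself a signal worth a human look.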
Sources:
[1] Ledger warns users to halt onchain transactions amid massive NPM supply chain attack (https://www.theblock.co/post/369893/ledger-warns-halt-onchain-transactions-massive-npm-supply-chain-attack?utm_medium=rss&utm_source=news.xml)
[2] Ledger CTO urges users to check crypto onchain transactions (https://cryptobriefing.com/ledger-cto-check-onchain-transactions/)
[3] The GhostAction Campaign: 3325 Secrets Stolen Through GitHub Actions (https://blog.gitguardian.com/ghostaction-campaign-3-325-secrets-stolen/)
[4] Introducing the NPM Package Cooldown Check (https://www.stepsecurity.io/blog/introducing-the-npm-package-cooldown-check)
[5] Ethereum Smart Contracts Weaponized in npm Supply Chain Attack (https://www.betterworldtechnology.com/post/ethereum-smart-contracts-weaponized-in-npm-supply-chain-attack-targeting-crypto-developers)
[6] Ledger CTO Warns of NPM Supply-Chain Attack Hitting 1B Downloads (https://www.coindesk.com/tech/2025/09/08/ledger-cto-warns-of-npm-supply-chain-attack-hitting-1b-downloads)
[7] The Hidden Risks in Your Software Supply Chain (https://www.veracode.com/blog/hidden-software-supply-chain-risks/)
[8] Largest NPM Compromise in History - Supply Chain Attack (https://www.reddit.com/r/programming/comments/1nbqt4d/largest_npm_compromise_in_history_supply_chain/)