Ledger CTO Warns: “Stop All Transactions Now”
Key Highlights
- The CTO of Ledger advised anyone not using a hardware wallet to immediately stop all on-chain transactions
- Hackers compromised a popular open-source developer’s account, poisoning 18 crucial JavaScript packages that see over 2.6 billion weekly downloads
- The hidden code is a “crypto-clipper” that actively hijacks browser wallets
On September 9, Ledger Chief Technology Officer (CTO) Charles Guillemet issued a warning of a large-scale supply chain attack. According to him, a massive cyberattack is targeting the very foundation of the crypto world, putting millions of users at risk.
🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.
The malicious payload works…
— Charles Guillemet (@P3b7_) September 8, 2025
According to the report, the attack is so big that Charles Guillemet issued a stark warning: unless you use a hardware wallet, stop all transactions immediately. He said, “If you use a hardware wallet, pay attention to every transaction before signing, and you’re safe. If you don’t use a hardware wallet, refrain from making any on-chain transactions for now.”
What is Happening?
The attack, which came to light on September 8, is what security experts call a “supply chain attack.” Instead of targeting one company, hackers went after the open-source tools that thousands of apps and websites are built upon.
They compromised the account of a well-respected developer, Josh Goldberg, and used this access to insert malicious code into 18 different software packages.
These packages, with names like chalk and debug, are not household names, but they are incredibly powerful behind the scenes. They are downloaded over 2.6 billion times every week by developers all over the world. This means the malicious code has the potential to spread to countless websites, apps, and services almost instantly.
How the Hack Unfolded
The breach started with a clever phishing email. The hackers sent emails that looked like they were from npm, the company that manages these software packages. The fake emails warned developers that their accounts would be locked unless they updated their two-factor authentication (2FA) details. When developers clicked the link, they were taken to a convincing fake website that stole their login credentials.
What the Malware Does
This is not a virus that crashes your computer. It is a sophisticated “crypto-clipper” designed to steal your digital money.
The malware works in two ways:
- Passively: It lurks in the background and watches when you copy a cryptocurrency wallet address. It silently replaces the address you copied with one owned by the hackers. If you don’t double-check the address before sending funds, your money goes straight to the thieves.
- Actively: It can hijack browser-based wallets like MetaMask, Trust Wallet, and Exodus. It changes the user interface while you are making a transaction, showing you a fake confirmation screen that tricks you into sending your Bitcoin, Ethereum, or Solana to the attacker’s address.
The Urgent Warning from the Ledger CTO
The warning from Ledger CTO Charles Guillemet sent shockwaves through the crypto community. He called this a “large-scale supply chain attack” and confirmed the malicious code had already been downloaded over a billion times.
The Ledger CTO’s advice was very clear:
- If you use a hardware wallet (like a Ledger or Trezor): You are safer, but you must carefully check every single transaction on your device’s screen before you approve it.
- If you use any software or browser-based wallet: Stop all on-chain transactions immediately. Do not send any cryptocurrency until this threat is completely resolved.
This type of attack highlights a critical weakness in our digital world. Much of the internet relies on a few dedicated volunteers who maintain these essential, free software packages. If one person’s account is compromised, it can put millions of users at risk.
This incident is a painful reminder of a similar attack on Ledger’s software in 2023. While companies like npm have taken down the poisoned versions, the fix is not simple. Because these tools are woven into so many other projects, the malicious code could still be active in many places.
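For development teams, the practical question is whether a poisoned release is still pinned somewhere in a project's dependency tree, including copies nested under other packages. The sketch below is an added example, not code from Ledger, npm or the affected maintainers: it walks an npm lockfile (lockfileVersion 2 or 3) and reports every installed copy of a flagged package version. The package names come from this article; the version strings and the sample lockfile are constructed placeholders that must be replaced with the versions named in the official advisory.

```javascript
// Placeholder denylist: names are from the article, versions are constructed.
// Replace the versions with those listed in the official advisory.
const FLAGGED = {
  chalk: ['0.0.0-EXAMPLE-BAD'],
  debug: ['0.0.0-EXAMPLE-BAD'],
};

// "node_modules/a/node_modules/@scope/b" -> "@scope/b"
function packageNameFromPath(lockPath) {
  const marker = 'node_modules/';
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

// Returns [{ name, version, path }] for each flagged copy in the lockfile,
// whether it is a direct dependency or nested under another package.
function findFlagged(lockfile, flagged = FLAGGED) {
  const hits = [];
  for (const [lockPath, entry] of Object.entries(lockfile.packages || {})) {
    // Aliased installs carry an explicit "name"; otherwise derive it from the path.
    const name = entry.name || packageNameFromPath(lockPath);
    if (!name || !Object.prototype.hasOwnProperty.call(flagged, name)) continue;
    if (flagged[name].includes(entry.version)) {
      hits.push({ name, version: entry.version, path: lockPath });
    }
  }
  return hits;
}

// Constructed sample lockfile: a clean top-level chalk, a flagged top-level
// debug, and a flagged chalk pulled in transitively by a hypothetical package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', version: '1.0.0' },
    'node_modules/chalk': { version: '1.0.0-EXAMPLE-GOOD' },
    'node_modules/debug': { version: '0.0.0-EXAMPLE-BAD' },
    'node_modules/some-logger/node_modules/chalk': { version: '0.0.0-EXAMPLE-BAD' },
  },
};

for (const hit of findFlagged(SAMPLE_LOCK)) {
  console.log(`${hit.name}@${hit.version} at ${hit.path}`);
}
```

In a real project, pass the parsed contents of `package-lock.json` to `findFlagged` instead of the sample object; a clean top-level version does not rule out a flagged copy nested deeper in the tree.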
For now, the best defense is extreme caution, according to the Ledger CTO. Crypto users are urged to heed the warning and avoid making transactions unless they are using a hardware wallet and can verify everything on its secure screen. This event is a sobering wake-up call about the fragile chains of trust that hold the modern internet together.
Rajpalsinh is a crypto journalist with over three years of experience and is currently working with CryptoNewsZ.