Ledger CTO Warns of Serious NPM Hack That Can Hijack Crypto Transactions

[Ben Graham]

A serious security scare has hit the open-source software world, and it’s got big implications for crypto. Ledger’s chief technology officer has raised the alarm after discovering that several popular JavaScript packages on NPM were quietly compromised. The hack affects libraries used in millions of apps and websites and could redirect crypto funds during a transaction without the user ever noticing.

Code Injected to Secretly Hijack Wallet Transfers

The malicious code works by slipping into the background and waiting for a transaction to happen. When a user tries to send crypto, the malware silently swaps out the destination wallet address. On the surface, everything still looks fine. The user sees the address they intended to send to, but under the hood, the funds go somewhere else entirely. That fake address is controlled by the attacker.

BREAKING: Massive crypto supply chain attack.

Ledger CTO warns: Hardware wallet users must verify every transaction. Others should avoid on-chain activity until patched. pic.twitter.com/XfzeZYHIuJ

— Bitcoin Archive (@BTC_Archive) September 8, 2025

Popular Libraries Pulled Into the Mess

What makes this attack so dangerous is how widespread these packages are. The affected tools include libraries like chalk, debug, and ansi-styles. These aren’t obscure tools. They get downloaded billions of times every year and are part of the backbone for many crypto platforms. This breach isn’t just big, it’s everywhere.

DISCOVER: Best New Cryptocurrencies to Invest in 2025

A Single Phish Opened the Floodgates

It all started with a phishing email. The attacker tricked one of the developers with access to these libraries into handing over credentials. Once inside, the attacker added their own code to the libraries. Developers and users then unknowingly pulled the infected versions into their apps. The attack spread silently through the usual channels, without raising any red flags at first.

Hardware Wallets Still Offer a Safety Net

According to Ledger’s team, hardware wallets are not affected by this issue. Since they let users verify the final destination address on a physical screen before signing a transaction, they can catch tampered addresses. That extra layer of confirmation gives users a fighting chance, even if the browser or app has been compromised. It’s one of the few safeguards still standing in a situation like this.

DISCOVER: 20+ Next Crypto to Explode in 2025

Developers Urged to Pause and Lock Things Down

In the meantime, developers have been told to stop using auto-updating packages and lock their dependencies to known-safe versions. This stops the tainted code from being pulled into new builds. Teams are now scrambling to audit their setups and clean house. It’s not just about patching the code, it’s about making sure the same thing can’t happen again.

Bitcoin

Price

Market Cap

BTC

$2.22T

24h7d30d1yAll time

Open Source Is Powerful, but Also Fragile

This breach shows just how much trust the software world places in shared tools and how easy that trust is to break. Open-source code lets people build fast, but when even one piece of that system goes bad, the damage spreads quickly. Especially in crypto, where the stakes are higher than most.

Staying Safe While the Cleanup Continues

It will take time to clean up the damage. Until then, users should avoid browser wallets for on-chain transactions and stick to hardware wallets if they can. Developers need to stay sharp and recheck every package they rely on. This was a wake-up call, and the message is clear. When real money is involved, even the smallest piece of code needs to be treated with care.

DISCOVER: 20+ Next Crypto to Explode in 2025 

Join The 99Bitcoins News Discord Here For The Latest Market Updates

Key Takeaways

• Ledger’s CTO has warned that compromised JavaScript libraries on NPM are being used to silently hijack crypto transactions.
• Malicious code swaps wallet addresses during transfers, sending funds to attackers while keeping the screen display unchanged.
• Popular libraries like chalk and debug were infected, impacting apps across the crypto ecosystem due to their widespread use.
• Hardware wallets remain unaffected, giving users a way to verify the real destination address before signing any transaction.
• Developers are being urged to lock dependencies and stop using auto-updates to prevent further spread of the compromised code.

The post Ledger CTO Warns of Serious NPM Hack That Can Hijack Crypto Transactions appeared first on 99Bitcoins.