{"id":46435,"date":"2025-09-09T02:46:42","date_gmt":"2025-09-09T02:46:42","guid":{"rendered":"https:\/\/dogewisperer.com\/?p=46435"},"modified":"2025-09-09T02:46:42","modified_gmt":"2025-09-09T02:46:42","slug":"ledger-cto-warns-of-serious-npm-hack-that-can-hijack-crypto-transactions","status":"publish","type":"post","link":"https:\/\/dogewisperer.com\/?p=46435","title":{"rendered":"Ledger CTO Warns of Serious NPM Hack That Can Hijack Crypto Transactions"},"content":{"rendered":"<div>\n<p><span data-preserver-spaces=\"true\">A serious security scare has hit the open-source software world, and it\u2019s got <\/span><span data-preserver-spaces=\"true\">big<\/span><span data-preserver-spaces=\"true\"> implications for crypto. Ledger\u2019s chief technology officer has raised the alarm after discovering that several popular JavaScript packages on NPM were quietly compromised. The hack affects libraries used in millions of apps and websites and could redirect crypto funds during a transaction without the user ever noticing.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">Code Injected to Secretly Hijack Wallet Transfers<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">The malicious code <\/span><span data-preserver-spaces=\"true\">works<\/span><span data-preserver-spaces=\"true\"> by <\/span><span data-preserver-spaces=\"true\">slipping into<\/span><span data-preserver-spaces=\"true\"> the background and waiting for a transaction to <\/span><span data-preserver-spaces=\"true\">happen<\/span><span data-preserver-spaces=\"true\">.<\/span><span data-preserver-spaces=\"true\"> When a user tries to send crypto, the malware silently swaps out the destination wallet address. On the surface, everything still looks fine. 
<\/span><span data-preserver-spaces=\"true\">The user sees the <\/span><span data-preserver-spaces=\"true\">address they<\/span><span data-preserver-spaces=\"true\"> intended <\/span><span data-preserver-spaces=\"true\">to send to<\/span><span data-preserver-spaces=\"true\">, but <\/span><span data-preserver-spaces=\"true\">under<\/span><span data-preserver-spaces=\"true\"> the <\/span><span data-preserver-spaces=\"true\">hood, the funds go somewhere else entirely<\/span><span data-preserver-spaces=\"true\">.<\/span> <span data-preserver-spaces=\"true\">That fake address is controlled by the attacker.<\/span><\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\"><img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/16.0.1\/72x72\/1f6a8.png\" alt=\"\ud83d\udea8\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\"> BREAKING: Massive crypto supply chain attack.<\/p>\n<p>Ledger CTO warns: Hardware wallet users must verify every transaction. Others should avoid on-chain activity until patched. <a href=\"https:\/\/t.co\/XfzeZYHIuJ\" rel=\"nofollow\" target=\"_blank\">pic.twitter.com\/XfzeZYHIuJ<\/a><\/p>\n<p>\u2014 Bitcoin Archive (@BTC_Archive) <a href=\"https:\/\/twitter.com\/BTC_Archive\/status\/1965107952852881490?ref_src=twsrc%5Etfw\" rel=\"nofollow\" target=\"_blank\">September 8, 2025<\/a><\/p>\n<\/blockquote>\n<h2><span data-preserver-spaces=\"true\">Popular Libraries Pulled Into the Mess<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">What makes this attack so dangerous is how widespread these packages are. The affected tools include libraries like chalk, debug, and ansi-styles. These aren\u2019t obscure tools. 
<\/span><span data-preserver-spaces=\"true\">They <\/span><span data-preserver-spaces=\"true\">get<\/span><span data-preserver-spaces=\"true\"> downloaded billions of times every year and <\/span><span data-preserver-spaces=\"true\">are part of<\/span><span data-preserver-spaces=\"true\"> the backbone <\/span><span data-preserver-spaces=\"true\">for<\/span><span data-preserver-spaces=\"true\"> many crypto platforms.<\/span><span data-preserver-spaces=\"true\"> This breach isn\u2019t just <\/span><span data-preserver-spaces=\"true\">big<\/span><span data-preserver-spaces=\"true\">, it\u2019s everywhere.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">A Single Phish Opened the Floodgates<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">It all started with a phishing email. The attacker tricked one of the developers with access to these libraries into handing over credentials. Once inside, the attacker added their own code to the libraries. Developers and users then unknowingly pulled the infected versions into their apps. The attack spread silently through the usual channels, without raising any red flags at first.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">Hardware Wallets Still Offer a Safety Net<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">According to Ledger\u2019s team, hardware wallets are not affected by this issue. Since they let users verify the final destination address on a physical screen before signing a transaction, they can catch tampered addresses. That extra layer of confirmation gives users a fighting chance, even if the browser or app has <\/span><span data-preserver-spaces=\"true\">been compromised<\/span><span data-preserver-spaces=\"true\">. 
It\u2019s one of the few safeguards still standing in a situation like this.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">Developers Urged to Pause and Lock Things Down<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">In the meantime, developers have <\/span><span data-preserver-spaces=\"true\">been told<\/span><span data-preserver-spaces=\"true\"> to stop using auto-updating packages and lock their dependencies to known-safe versions. <\/span><span data-preserver-spaces=\"true\">This<\/span> <span data-preserver-spaces=\"true\">stops<\/span><span data-preserver-spaces=\"true\"> the tainted code from being pulled into new builds. Teams are now scrambling to audit their setups and clean house. <\/span><span data-preserver-spaces=\"true\">It\u2019s not just about patching the <\/span><span data-preserver-spaces=\"true\">code<\/span><span data-preserver-spaces=\"true\">,<\/span> <span data-preserver-spaces=\"true\">it\u2019s about <\/span><span data-preserver-spaces=\"true\">making sure<\/span><span data-preserver-spaces=\"true\"> the same thing can\u2019t happen again.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">Open Source Is Powerful, but Also Fragile<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">This breach <\/span><span data-preserver-spaces=\"true\">shows just how much trust<\/span><span data-preserver-spaces=\"true\"> the software world <\/span><span data-preserver-spaces=\"true\">places in<\/span><span data-preserver-spaces=\"true\"> shared tools and how <\/span><span data-preserver-spaces=\"true\">easy<\/span><span data-preserver-spaces=\"true\"> that trust <\/span><span data-preserver-spaces=\"true\">is to break<\/span><span data-preserver-spaces=\"true\">.<\/span> <span data-preserver-spaces=\"true\">Open-source code <\/span><span data-preserver-spaces=\"true\">lets people build fast<\/span><span data-preserver-spaces=\"true\">, but when even one piece of that system <\/span><span data-preserver-spaces=\"true\">goes bad<\/span><span data-preserver-spaces=\"true\">, the damage spreads quickly<\/span><span data-preserver-spaces=\"true\">.<\/span><span data-preserver-spaces=\"true\"> Especially<\/span><span 
data-preserver-spaces=\"true\"> in crypto, where the stakes are higher than most.<\/span><\/p>\n<h2><span data-preserver-spaces=\"true\">Staying Safe While the Cleanup Continues<\/span><\/h2>\n<p><span data-preserver-spaces=\"true\">It will take time to clean up the damage. Until then, users should avoid browser wallets for on-chain transactions and stick to hardware wallets if they can. Developers need to stay sharp and recheck every package they rely on. <\/span><span data-preserver-spaces=\"true\">This<\/span><span data-preserver-spaces=\"true\"> was a wake-up call, and the message is clear. When real money is involved, even the smallest piece of code needs to <\/span><span data-preserver-spaces=\"true\">be treated<\/span><span data-preserver-spaces=\"true\"> with care.<\/span><\/p>\n<div class=\"nnbtc-key-takeaways\">\n<h2 class=\"nnbtc-key-takeaways__title\">Key Takeaways<\/h2>\n<ul class=\"nnbtc-key-takeaways__list\">\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Ledger\u2019s CTO has warned that compromised JavaScript libraries on NPM are being used to silently hijack crypto transactions.    <\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Malicious code swaps wallet addresses during transfers, sending funds to attackers while keeping the screen display unchanged.    
<\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Popular libraries like chalk and debug were infected, impacting apps across the crypto ecosystem due to their widespread use.    <\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Hardware wallets remain unaffected, giving users a way to verify the real destination address before signing any transaction.    <\/li>\n<li class=\"nnbtc-key-takeaways__list-item\">\n        Developers are being urged to lock dependencies and stop using auto-updates to prevent further spread of the compromised code.    <\/li>\n<\/ul><\/div>\n<p>The post <a href=\"https:\/\/99bitcoins.com\/news\/bitcoin-btc\/ledger-cto-warns-npm-hack-can-hijack-crypto-transfers\/\">Ledger CTO Warns of Serious NPM Hack That Can Hijack Crypto Transactions<\/a> appeared first on <a href=\"https:\/\/99bitcoins.com\/\">99Bitcoins<\/a>.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A serious security scare has hit the open-source software world, and it\u2019s got big implications for crypto. Ledger\u2019s chief technology officer has raised the alarm after discovering that several popular JavaScript packages on NPM were quietly compromised. 
The hack affects libraries used in millions of apps and websites and could redirect crypto funds during a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":0,"footnotes":""},"categories":[2],"tags":[3,4,5],"class_list":["post-46435","post","type-post","status-publish","format-standard","hentry","category-news","tag-crypto","tag-doge","tag-news"],"_links":{"self":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/46435","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=46435"}],"version-history":[{"count":0,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=\/wp\/v2\/posts\/46435\/revisions"}],"wp:attachment":[{"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=46435"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=46435"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dogewisperer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=46435"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}