TechFlow, September 9 — Ledger CTO Charles Guillemet posted on social media: "The NPM attack was thwarted and caused almost no victim losses. The attacker stole user credentials through a phishing email from a fake npm support domain, then published malicious package updates. The injected code targeted web-based crypto activities, hijacked transactions on blockchain networks such as Ethereum and Solana, and directly replaced wallet addresses in network responses. Due to an operational error by the attacker, the CI/CD pipeline crashed, allowing the attack to be detected early with limited impact.
However, this remains a clear warning: if funds are held in software wallets or exchanges, a single code execution could result in total loss. Supply chain vulnerabilities remain a major vector for spreading malware, and targeted attacks are increasingly common. Although the immediate danger has passed, threats persist—vigilance and security measures must be maintained."
Previous report: Developer qix suffered a phishing attack, resulting in multiple popular npm packages being implanted with malicious code.




