September 9, 2025

LEDGER CTO WARNS OF NPM SUPPLY-CHAIN ATTACK HITTING 1B+ DOWNLOADS

“According to Guillemet, the malicious code, already pushed into packages with over 1 billion downloads, is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it,” writes www.coindesk.com

Sep 8, 2025, 7:29 PM

Charles Guillemet, chief technology officer at hardware wallet maker Ledger, warned on X on Monday that a large-scale supply chain attack is underway. Manager (NPM) account.

According to Guillemet, the malicious code, already pushed into packages with over 1 billion downloads, is designed to silently swap crypto wallet addresses in transactions. That means unsuspecting users could send funds directly to the attacker without realizing it.

Guillemet did not name the developer whose account he said was compromised.

The incident underscores how deeply interconnected open-source software is and why security lapses in developer tools can ripple into the crypto economy almost instantly.

🚨 There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk.

The malicious payload works…

– Charles Guillemet (@P3B7_) September 8, 2025

“NPM is a tool commonly used in software development using JavaScript, which makes integrating packages easy for developers,” said Guillemet in a message to CoinDesk. When an attacker compromises a developer’s account, they can slip malicious code into widely used packages.

“The malicious code attempts to drain users by swapping addresses used in transactions or general on-chain activity and replacing them with the hacker’s address,” Guillemet added.

Guillemet stressed that if any decentralized application or software wallet across any blockchain includes these JavaScript packages, then it could be compromised, and crypto users COURPTOCE.

“The only sure way to combat this is to use a hardware wallet with a secure screen that supports Clear Signing,” said Guillemet to CoinDesk. “This will allow the user to see exactly which addresses funds are being sent to and ensure they match the intended addresses.”

“Hardware wallets with secure screens and any wallet that doesn’t

“It’s an opportunity to remind everyone: always verify your transactions, never blind sign, use a hardware wallet with a secure screen, and Clear Sign everything,” Guillemet said.

AI Disclaimer: Parts of this article were generated with the assistance from AI tools and reviewed by our editorial team to ensure accuracy and adherence to our standards. For more information, see CoinDesk’s full AI policy.