Hackers hijacked NPM libraries in a massive supply chain attack, injecting malware that swaps crypto wallet addresses to steal funds.

NPM supply chain attack compromised 18 popular JavaScript packages, swapping crypto wallet addresses, but quick detection ...

NPM developer qix's account compromise potentially puts user funds at risk by compromising library dependencies used by ...

Charles Guillemet, Chief Technology Officer at Ledger, emphasized the gravity of the situation, stating, "There’s a large-scale supply chain attack in progress: the NPM account of a reputable ...

Less $50 worth of crypto has been stolen from the large-scale JavaScript libraries attack on Monday, which targeted Ethereum ...

On September 8, 2025, a single phishing email triggered one of npm’s most damaging supply chain attacks, compromising 18 ...

Hackers launched the largest NPM crypto attack in history and compromised 18 JavaScript packages with billions of downloads.

Charles Guillemet says a phishing-led supply-chain breach could have become a systemic disaster for crypto users.

Billions (No, that's not a typo, Billions with a capital B) of files were potentially compromised. If you thought Node Package Manager (npm), the Billions of downloads were potentially compromised ...

At least 18 popular JavaScript code packages that are collectively downloaded more than two billion times each week were briefly compromised with malicious software today, after a developer involved ...

A large-scale supply chain attack on the JavaScript ecosystem has prompted an urgent warning from Ledger’s chief technology ...

A serious security scare has hit the open-source software world, and it’s got big implications for crypto. Ledger’s chief ...