This new vulnerability could have far-reaching implications for the entire cryptocurrency industry, forcing many security experts to urge users to halt on-chain transactions as a precaution.
Experts advise crypto users to stop all on-chain transactions due to serious vulnerabilities . Photo: The Block
On the evening of September 8, 2025, Ledger hardware wallet CTO Charles Guillemet issued an urgent warning about a serious cybersecurity vulnerability that could affect all on-chain transactions of cryptocurrency users.
If you use a Ledger or hardware wallet with clear signing, you are not at risk.
— Charles Guillemet (@P3b7_) September 8, 2025
My tweet above is warning people who do not use a hardware wallet with clear signing of the risk. Always review every transaction before you sign.
Ledger’s CTO confirmed that a chain attack was underway, stemming from a high-profile developer’s NPM account—a popular JavaScript library Chia platform—being compromised. The malicious data packages have now been downloaded more than 1 billion times, meaning the malware may have spread to the entire JavaScript ecosystem.
Notably, this person claims that the malware can automatically change the destination address during the transaction process to steal users' crypto assets.
Guillemet said that hardware wallet users should pay close attention to blockchain transactions before signing them, while users of other on-chain transaction applications or protocols should temporarily stop interacting until the issue is resolved.
Security experts later provided a list of affected NPM packages and advised those who downloaded them to revert to older versions of the software. NPM also quickly took action to disable the malicious files.
Looks like npm disabled the compromised versions of these packages.
— cygaar (@0xCygaar) September 8, 2025
However, if your app did an npm update in the last few hours you might still be at risk. Would highly recommend devs check all their dependencies. These are the affected versions:
ansi-styles@6.2.2
debug@4.4.2…
Another account explained in more detail how the vulnerability was exploited by bad guys, saying that the malware would only appear on websites or applications that had updated NPM after the hackers broke in, while websites that were still using the old version were likely safe. However, this person still recommended that crypto users temporarily stop trading until the Followin_Z3vHb7 situation is resolved.
Explanation of the current npm hack
— 0xngmi (@0xngmi) September 8, 2025
In any website that uses this hacked dependency, it gives a chance to the hacker to inject malicious code, so for example when you click a "swap" button on a website, the code might replace the tx sent to your wallet with a tx sending money to…
Data from Arkham shows that the address of the person who installed the NPM malware currently holds nearly $500 in crypto assets allegedly stolen from crypto users affected by the vulnerability.
NPM hacker address statistics, Arkham screenshot at 08:45 AM on 09/09/2025
About BingX Founded in 2018, BingX is one of the leading cryptocurrency exchanges with over 20 million users worldwide. BingX offers a variety of products and services such as: Spot trading, Futures Contract, copy trading, etc. to meet the needs of users of all levels. In addition, BingX exchange is proud to be the official partner of Chelsea FC. Download BingX Exchange app on iOS or Android now to start your investment journey! |
