Critical hack may put crypto funds at risk: Ledger CTO

Reports suggest hackers have hijacked a common JavaScript package, allowing them to redirect wallet transactions to their own accounts

by Blockworks /
article-image

Art by Crystal Le

share

A critical software hack may be putting crypto funds at risk, Ledger’s chief technology officer Charles Guillemet warned on Monday.

Hackers appear to have compromised the npm account of an unnamed developer who’s “well-known,” Guillemet said. 

Loading Tweet..

The hackers slipped malicious code into a tiny but widely used JavaScript package called error-ex. That package has been downloaded more than one billion times and is embedded in countless apps and services.

The malware operates by silently monitoring for cryptocurrency activity. When a user tries to send Bitcoin, Ethereum, Solana, or other tokens, it swaps the destination wallet with one controlled by attackers. Victims may believe they are sending funds to a trusted address, but the money instead flows to malicious actors.

Security analysts warned that the code can hijack transactions at multiple layers — altering what websites display, changing background processes, and even tricking apps into misrepresenting what users are signing.

Guillemet advised hardware wallet owners to carefully confirm each transaction on the device’s screen before approving it. Because the hardware displays the true recipient address, diligent users can still spot tampering. For those using software wallets alone, he urged avoiding all on-chain transactions until the attack is better understood.

Researchers are describing the breach as possibly the largest open-source supply chain attack in history. It highlights the fragility of shared software libraries and the direct financial risk they can create in crypto.

This is a developing story.


This article was generated with the assistance of AI and reviewed by editor Jeffrey Albus before publication.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Research Report Templates (1).png

Research

Aave’s revenues have doubled from April lows and are fast approaching all-time highs. With 35% of borrow interest coming from ETH and 55% from stablecoins, Aave is emerging as a powerful proxy as an ETH and stablecoin beta. As looping strategies accelerate growth and Horizon positions the protocol to ride the RWA wave, Aave is shaping up as one of DeFi’s most compelling multi-narrative plays.

article-image

Bitwise investment strategist expects end to “the wild-west phase of public companies …turning into crypto vehicles”

article-image

The first Solana treasury company is set to make its US debut

article-image

The Solana DAT reportedly plans to raise $1 billion

article-image

YO’s new yoEUR vault lands as incentives try to pull EURC onchain, but fragmented bridges and caps keep markets segmented

article-image

Astana regulator begins trial accepting USD-backed stablecoins for payments through Bybit integration

by Blockworks /
article-image

The Trump-backed DeFi project is believed to have blacklisted Sun’s wallet, triggering market pressure

by Blockworks /