Critical hack may put crypto funds at risk: Ledger CTO

Reports suggest hackers have hijacked a common JavaScript package, allowing them to redirect wallet transactions to their own accounts

by Blockworks /
article-image

Art by Crystal Le

share

A critical software hack may be putting crypto funds at risk, Ledger’s chief technology officer Charles Guillemet warned on Monday.

Hackers appear to have compromised the npm account of an unnamed developer who’s “well-known,” Guillemet said. 

Loading Tweet..

The hackers slipped malicious code into a tiny but widely used JavaScript package called error-ex. That package has been downloaded more than one billion times and is embedded in countless apps and services.

The malware operates by silently monitoring for cryptocurrency activity. When a user tries to send Bitcoin, Ethereum, Solana, or other tokens, it swaps the destination wallet with one controlled by attackers. Victims may believe they are sending funds to a trusted address, but the money instead flows to malicious actors.

Security analysts warned that the code can hijack transactions at multiple layers — altering what websites display, changing background processes, and even tricking apps into misrepresenting what users are signing.

Guillemet advised hardware wallet owners to carefully confirm each transaction on the device’s screen before approving it. Because the hardware displays the true recipient address, diligent users can still spot tampering. For those using software wallets alone, he urged avoiding all on-chain transactions until the attack is better understood.

Researchers are describing the breach as possibly the largest open-source supply chain attack in history. It highlights the fragility of shared software libraries and the direct financial risk they can create in crypto.

This is a developing story.


This article was generated with the assistance of AI and reviewed by editor Jeffrey Albus before publication.


Get the news in your inbox. Explore Blockworks newsletters:

Tags

Decoding crypto and the markets. Daily, with Byron Gilliam.

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 24 - 26, 2026

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Old Billingsgate

Mon - Wed, October 13 - 15, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

recent research

Unlocked by Template.png

Research

Institutional staking providers specialize in offering secure, compliant, and scalable solutions for organizations, asset managers, and individuals who wish to stake large volumes of digital assets. Staking-as-a-Service Providers (SaaSPs) act as intermediaries, running blockchain nodes and managing the technical complexities of staking on behalf of clients, often providing custody, reporting, and yield optimization features across a broad range of assets and networks.

article-image

The plan is to scale PayPal USD with Spark’s liquidity framework, building sustainable stablecoin markets

by Blockworks /
article-image

The company introduced a dollar-backed stablecoin to power instant payments and microtransactions for AI-driven web platforms

by Blockworks /
article-image

The plan is to make GameShift the “consumer portal” that bridges non-crypto gamers into Web3

article-image

Google backs $1.4B of obligations and takes 5.4% stake as Cipher expands AI data center footprint

by Blockworks /
article-image

Nine banks plan MiCA-regulated token to challenge dollar dominance and strengthen Europe’s payments autonomy

by Blockworks /
article-image

Sponsored

The FAIR L1 embeds encrypted execution into the consensus layer and removes the transparency window that makes MEV possible

by Sponsored /