September 8, 2025 | NullTx

Ledger CTO Warns of Billion-Download NPM Supply Chain Attack, All Solana Ecosystem Responds

Ledger CTO Charles Guillemet has sounded the alarm on a major supply chain attack targeting the JavaScript ecosystem. The exploit comes after a reputable developer’s NPM account was compromised, pushing malicious code into widely used packages with over 1 billion downloads. On X, Guillemet wrote:

“There’s a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over 1 billion times, meaning the entire JavaScript ecosystem may be at risk. […] malicious payload works…” — Charles Guillemet (@P3b7_) September 8, 2025

Malicious Payload Swaps Crypto Addresses

The injected payload is designed to silently replace crypto addresses during transactions. When a user pastes or inputs a wallet address, the code swaps it with the attacker’s address—stealing funds without the victim noticing. NPM has already disabled the compromised versions, but Guillemet cautions that risks may remain, especially on frontend applications still relying on cached or unpatched packages. He advised: Hardware wallet users should double-check every transaction before signing. Software wallet users should pause all on-chain activity until further notice. At this stage, it’s not clear if the attacker is also harvesting seed phrases from software wallets.

Solana Ecosystem Responds

The attack has triggered responses across the Solana ecosystem. Protocols and wallets quickly issued statements clarifying their exposure—or lack thereof.

Drift Protocol

Solana-based Drift Protocol confirmed that both its SDK and UI remain unaffected. The team advised users to stay alert when signing any transactions until wallets fully confirm […].

“Drift confirms that Drift's SDK and UI are not affected by the large-scale NPM supply chain attack. None of the compromised packages were identified in Drift's […]. For the safety of the community, Drift advises users to temporarily refrain from signing transactions until…” — Drift (@DriftProtocol) September 8, 2025

Solflare Wallet

Popular Solana wallet Solflare said its users are not at risk. The team pointed to safeguards like version locking and thorough code reviews before merging, stressing that version changes are never pushed without review.

“Solflare users are not at risk. We enforce version locking to protect from supply-chain attacks. […] versions get bumped and merged only after a thorough code review. Security is our #1 priority. Stay safe.” — Solflare – The Solana Wallet (@solflare) September 8, 2025

Kamino Finance

Kamino Finance co-founder @y2kappa responded, confirming Solana’s leading lending protocol is not affected. The Kamino app has no dependency on the compromised NPM packages.

“Confirming the Kamino app does not have a dependency on the affected packages.” — Marius | Kamino (@y2kappa) September 8, 2025

Marinade Finance

Staking giant Marinade Finance said it is monitoring the situation closely. Checks show no impact, but the team urged users to remain vigilant as details emerge.

“We are monitoring the ongoing NPM supply chain attack. After double-checking our systems, Marinade is not affected. Still, we advise everyone to stay vigilant as the situation unfolds. We’ll continue to track this closely and keep the community updated.” — Marinade (@MarinadeFinance) September 8, 2025

Jupiter Exchange

Solana’s top DEX aggregator Jupiter Exchange confirmed it is unaffected. Neither the Jupiter web app nor Jup Mobile relies on the compromised packages.

“Regarding the recent NPM supply-chain attack: Both Jupiter and Jup Mobile users are completely unaffected by the vulnerability. We've confirmed across the source code that none of the affected package-versions exist in any Jupiter […]. […] are safe.” — Jupiter (@JupiterExchange) September 8, 2025

Supply Chain Attacks: A Growing Risk

This incident highlights the fragility of open-source ecosystems. With NPM packages embedded across thousands of projects, a single compromised account can spread malicious code to millions of users. The risk is amplified in crypto, where address swaps can directly drain funds. Unlike traditional hacks, supply chain attacks exploit trust in widely used libraries, slipping past most developers and security […].

What Users Should Do

Guillemet’s advice is clear: Hardware wallets remain the safest option. Verify the transaction address on the device before signing. Software wallet users should avoid sending transactions until updates confirm no deeper compromise. Developers should review package dependencies and ensure they are not pulling from compromised versions. As of now, the attack appears contained, with NPM disabling the malicious versions. But questions remain: is the attacker only hijacking addresses—or also attempting to exfiltrate seeds from software wallets?
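The dependency review and version locking recommended above, as an added Node.js example (not code from the article or from any of the projects it quotes): one function scans a package-lock.json for a supplied list of known-bad package versions, the other flags package.json dependencies that are not pinned to an exact version. The names and versions in BLOCKLIST are constructed placeholders, not the packages involved in this incident.

```javascript
// Added example (not from the article or any project it quotes): audit an npm
// project against a list of known-bad package versions and check that its
// dependencies are pinned. BLOCKLIST holds constructed placeholder names and
// versions; replace them with the package@version pairs from the advisory.
const BLOCKLIST = {
  "example-compromised-pkg": ["9.9.9"],
  "another-compromised-pkg": ["1.2.3", "1.2.4"],
};

const isBad = (name, version, blocklist) =>
  (blocklist[name] || []).includes(version);

// Walk a parsed package-lock.json and return every installed package@version
// that is on the blocklist. Lockfile v2/v3 list every install under "packages"
// keyed by path; v1 nests them under "dependencies". Transitive installs count.
function findCompromised(lock, blocklist = BLOCKLIST) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (!path) continue; // "" is the root project itself
      const idx = path.lastIndexOf("node_modules/");
      const name = meta.name || (idx >= 0 ? path.slice(idx + 13) : path);
      if (isBad(name, meta.version, blocklist)) hits.push(`${name}@${meta.version}`);
    }
    return hits;
  }
  const walk = (deps) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      if (isBad(name, meta.version, blocklist)) hits.push(`${name}@${meta.version}`);
      walk(meta.dependencies); // nested installs in v1 lockfiles
    }
  };
  walk(lock.dependencies);
  return hits;
}

// Version locking: a range such as ^1.2.3 lets a fresh `npm install` pull in a
// newly published malicious release; report every dependency not pinned exactly.
function unpinnedDeps(pkg) {
  const exact = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;
  const out = [];
  for (const field of ["dependencies", "devDependencies"]) {
    for (const [name, range] of Object.entries(pkg[field] || {})) {
      if (!exact.test(range)) out.push(`${name}: ${range}`);
    }
  }
  return out;
}
```

To run it on a real project, load package-lock.json and package.json with JSON.parse(fs.readFileSync(...)) and pass the objects to findCompromised and unpinnedDeps.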

The answer could determine whether this is an inconvenience for careless users or a catastrophic breach across the […]. For now, caution is the rule. Guillemet’s warning underscores how even one compromised developer account can threaten an entire ecosystem. With over 1 billion downloads at risk, this NPM attack may go down as one of the most significant supply chain compromises in recent memory.

Disclosure: This is not trading or investment advice. Always do your research before buying any cryptocurrency or investing in any project. Follow us on Twitter @nulltxnews to stay updated with the latest Crypto, NFT, AI, Cybersecurity, Distributed Computing, and Metaverse news!
