Ledger CTO: Large-Scale Supply Chain Attack Underway, Entire JavaScript Ecosystem at Risk

By: theblockbeats.news|2026/03/28 15:49:43

BlockBeats News, September 9, Ledger's Chief Technology Officer Charles Guillemet wrote that, "A large-scale supply chain attack is currently taking place: a well-known developer's NPM account has been compromised. The affected package has been downloaded over 1 billion times, which means the entire JavaScript ecosystem could be at risk.

The malicious code works by silently tampering with cryptocurrency addresses in the background to steal funds.

If you use a hardware wallet, please carefully verify each signature transaction, and you are safe.
If you do not use a hardware wallet, please refrain from making any on-chain transactions for now.
It is currently unclear whether the attacker has already stolen the software wallet's mnemonic phrase.

For more details, see the report. If you are using Ledger or another hardware wallet that supports clear signatures, you will not be affected. My previous tweets were a reminder: Users who do not use hardware wallets that support clear signatures are at risk. Please be sure to carefully review each transaction before signing."

Solana did not fall behind during the bear market. Trading enthusiasm has waned, but the network is more stable, RWA and stablecoins are expanding, and the capital foundation is much thicker than in the previous cycle. The real question is: when the speculative tide recedes, can perpetuals, predicti...

Young people in South Korea make a "final effort" in the epic bull market

The South Koreans' average of two accounts for wildly gambling in the chip bull market reflects the survival anxiety and harsh reality of countless young people trying to break through class barriers behind the nationwide stock trading frenzy for wealth.

Dialogue with OmenX Founder: Why does the prediction market need an evolution from "spot" to "derivatives"?

How to reconstruct the prediction market using leverage?

When the P2P illicit funds from ten years ago turned into 60,000 bitcoins

The largest Bitcoin money laundering case in the UK has new developments: 16,000 Chinese victims are pursuing 61,000 seized Bitcoins across borders, and the dispute over the applicability of UK and Chinese laws will directly determine whether the victims can share in the soaring profits.

Morning News | CME Group launches Nasdaq Cryptocurrency Index futures; Asset management giant Janus Henderson strategically invests in Ethena

Overview of Important Market Events on June 10

Why did Oracle deliver the strongest financial report in history, yet its stock price fell?

Oracle's revenue for fiscal year 2026 set a record, with AI cloud orders soaring to $638 billion, but massive capital expenditures on computing power led to negative free cash flow, causing a 5% drop in after-hours stock prices.

Bitcoin Layer 2 Network Botanix: Why Did We Choose to Dissolve?

The Bitcoin L2 star project Botanix announced a gradual shutdown, with the team admitting to facing severe challenges from the failure of its business model and the prevailing trends. Users are urged to withdraw all assets before July 9, 2026.

Morning Report | OpenAI has submitted an S-1 registration statement draft to the U.S. SEC; Morpho completes $175 million financing

Overview of Important Market Events on June 9th

Galaxy Deep Research Report: How Hyperliquid's HIP-4 Upgrade Changes the Landscape of Prediction Markets?

The platform that wins this competition will be the one whose execution layer is the hardest to replicate, whose builder ecosystem delivers the fastest, and whose regulatory path is the most open.

Latest research from 13 top universities including Cornell University: The current state, challenges, and misconceptions of the fusion of Crypto and AI

The combination of AI and crypto is still in its early stages, with both serving as complementary "middleware": AI translates human intentions into executable programs, while cryptographic technology provides verifiable and tamper-proof guarantees for computational processes and results. In the dire...

Deconstructing Anthropic: The Best AI Company, Possibly Also a Type of Organizational Invention

Instead of competing with ambition, focusing on restraint, how does Anthropic leverage extreme strategic focus and an "counterintuitive" geek culture to counterattack OpenAI on the AI battlefield?

Every exchange is a "Universal Exchange."

You initially build infrastructure for something, then realize it can also be used for many other things, and then you continuously expand the business to accommodate everything that the infrastructure can support.

The counterattack of traditional finance: Alliance chains are quietly reviving

Whether public chains win or consortium chains win has never been the focus.

Pantera Capital Partner: How Tokenization is Restructuring the Private Equity and Early Investment Ecosystem?

Top tech companies are going public later and later, leaving retail investors shut out during the high growth period. Can tokenization give ordinary people back this entry ticket?

Mastercard Launches Agent Pay for AI, Plans to Record AI Agent Payment Authorizations on Polygon

Mastercard launched Agent Pay for AI, a new payment protocol designed to help AI agents make small payments such as pay-per-use access to data and APIs. The system plans to record human-granted AI agent permissions on Polygon, focusing on verifiable authorization, identity, and payment controls.

Curve Deploys Llamalend v2 on Optimism With 250,000 OP Incentives

Curve launched Llamalend v2 on Optimism with 250,000 OP incentives from the Optimism Foundation. The upgrade expands Llamalend beyond its earlier crvUSD-focused model, adding broader collateral support, LlamaRisk market reviews, and the ability to use Curve LP tokens as collateral.