On September 8, the crypto world went into panic when multiple sources revealed that a hacker had acquired the resources to exploit most projects. However, the exploit has been plugged, and the hacker was only able to inflict negligible damage.

Stay tuned to find out how it played out.

Hacker Steals Developer’s Credentials And Installs Malware

Node Package Manager (NPM) is used by developers to manage JavaScript code. A hacker stole the credentials of a reputable developer in a phishing attack, impersonating NPM’s support address to get the developer’s details.

They then added malicious code to package updates. JavaScript is used by most crypto projects, so any project that installed the malicious updates would be at risk. 

The code worked by swapping out legitimate wallet addresses with the hacker’s address, allowing them to potentially steal millions of dollars worth of crypto. The attack targeted Ethereum and Solana wallets. 

However, the hacker made errors that disrupted Continuous Integration/Continuous Delivery (CI/CD) pipelines. CI/CD pipelines help developers build, test, and deploy software quickly and repeatedly. The resulting crashes set off alarm bells, leading to early detection.

The Panic…

As soon as the malicious package updates were discovered, X accounts such as Charles Guillemet and Cygar warned the crypto community about them. Engineering and security teams around the crypto industry then started trying to isolate and remove the infected updates.

Crypto natives were warned to stop and postpone any transactions until the problem was resolved.
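
One way a team can check whether a project pulled in an infected update, as in the isolation work described above, is to compare its npm lockfile against the list of bad releases. The script below is an added example, not code from the article or from any team it mentions; the package names, versions, blocklist and lockfile fragment are constructed placeholders.

```javascript
// Audit an npm lockfile (v2/v3 "packages" map) against a blocklist of
// compromised name@version pairs. Every name and version here is constructed.

// Hypothetical blocklist; in practice it is filled from a published advisory.
const COMPROMISED = new Map([
  ["example-color-util", new Set(["4.4.2"])],
  ["@example/ansi-helper", new Set(["6.2.1", "6.2.2"])],
]);

// Constructed lockfile fragment: one clean top-level copy, one bad nested
// copy pulled in by a transitive dependency, and one bad scoped dev package.
const SAMPLE_LOCK = {
  name: "demo-wallet-ui",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet-ui", version: "1.0.0" },
    "node_modules/example-color-util": { version: "4.4.1" },
    "node_modules/logger-x": { version: "2.0.0" },
    "node_modules/logger-x/node_modules/example-color-util": { version: "4.4.2" },
    "node_modules/@example/ansi-helper": { version: "6.2.1", dev: true },
  },
};

// The package name is whatever follows the last "node_modules/" segment,
// which keeps scoped names (@scope/name) intact and handles nested installs.
function nameFromLockPath(lockPath) {
  const marker = "node_modules/";
  const idx = lockPath.lastIndexOf(marker);
  return idx === -1 ? null : lockPath.slice(idx + marker.length);
}

function findCompromised(lock, blocklist) {
  const hits = [];
  for (const [lockPath, meta] of Object.entries(lock.packages || {})) {
    // An explicit "name" field wins: npm records it for aliased installs.
    const name = meta.name || nameFromLockPath(lockPath);
    if (!name || !meta.version) continue; // e.g. workspace links
    const bad = blocklist.get(name);
    if (bad && bad.has(meta.version)) {
      hits.push({ name, version: meta.version, path: lockPath, dev: Boolean(meta.dev) });
    }
  }
  return hits;
}

for (const h of findCompromised(SAMPLE_LOCK, COMPROMISED)) {
  console.log(`${h.name}@${h.version} at ${h.path}${h.dev ? " (dev)" : ""}`);
}
```

The nested copy under logger-x is the case a quick look at package.json misses: the project never names that dependency, yet the lockfile shows the bad version installed.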

The Underwhelming Yet Satisfactory Conclusion

According to a report by Security Alliance, the attacker did not make off with much, despite the unprecedented access they had. They only stole $50 and five cents from a little-known memecoin.


So the largest supply chain attack ended with little or no money lost, happy crypto projects, and happy crypto holders. A supply chain attack uses third-party tools to sneak into the target system. 

However, crypto community members like Guillemet used the opportunity to remind the community of the advantages of hardware wallets. According to him, 

“Supply chain compromises remain a powerful malware delivery vector, and we’re also seeing more targeted attacks emerge. Hardware wallets are built to withstand these threats. Features like Clear Signing let you confirm exactly what’s happening, and Transaction Checks flag suspicious activity before it’s too late.”
