One of the biggest hacker attacks in the history of cryptocurrencies is underway. Check how to protect yourself!

Since yesterday (i.e. 08/09/2025), potentially the largest supply chain attack in the history of cryptocurrencies has been underway. Millions of users may still be at risk. If you thought the Ledger attack was something big, hold on to your Flipper Zeros, hackers. On Monday a bomb went off that could affect the entire JavaScript ecosystem and cryptocurrencies on an unprecedented scale.

What actually happened?

Charles Guillemet, CTO of Ledger, did not mince his words, issuing a warning that should set off a red light for every crypto user:

A great offensive on the supply chain is underway: the NPM account of a reputable developer has been compromised. Infected packages have already been downloaded over a billion times, which means that the entire JavaScript ecosystem may be at risk.

Sounds like a Hollywood script? Unfortunately, this is brutal reality that looks like a hacker movie.

Anatomy of the attack: how did the genius hackers attack the whole of Web3?

Node Package Manager (NPM) is a kind of app store for programmers – a central library where they share the small pieces of code needed to build JavaScript projects. It is the heart of the modern internet, and also of the world of cryptocurrencies.

The attack began with a phishing campaign aimed at the maintainers of packages on NPM. Hackers sent e-mails pretending to be official NPM support, warning that the user’s account would be blocked if they did not update their two-factor authentication (2FA) by September 10, 2025.

The e-mail contained a link to a fake page that looked like the official NPM website but in fact stole login credentials (login and password). The sample text of the e-mail was:

One of the maintainers, Josh Junon (owner of the “Qix” account in NPM), fell victim to this fraud. Hackers took over his account and published malicious versions of 18 popular packages, which have a total of over 2.6 billion downloads a week. NPM quickly removed some of these versions (e.g. for the “debug” package), but for several hours (around 15:00 – 17:30, 8 September) they were available.

By the way, it’s amazing that the biggest attack on Web3 was carried out by such a basic social engineering trick. Phishing is still the king of attacks in cyberspace.

What packages have been attacked?

Here is a list of compromised packages with their weekly downloads (data from the Aikido Security analysis):

  • backslash: 0.26 million
  • chalk-template: 3.9 million
  • supports-hyperlinks: 19.2 million
  • has-ansi: 12.1 million
  • simple-swizzle: 26.26 million
  • color-string: 27.48 million
  • error-ex: 47.17 million
  • color-name: 191.71 million
  • is-arrayish: 73.8 million
  • slice-ansi: 59.8 million
  • color-convert: 193.5 million
  • wrap-ansi: 197.99 million
  • ansi-regex: 243.64 million
  • supports-color: 287.1 million
  • strip-ansi: 261.17 million
  • chalk: 299.99 million
  • debug: 357.6 million
  • ansi-styles: 371.41 million

These packages are widely used in JavaScript applications, including tools for formatting text in the console, color support or debugging.

Devil’s plan in action

The installed malware acts like a digital pickpocket – it quietly replaces cryptocurrency wallet addresses during transactions. You click “Send Bitcoin to your address”, and in reality the funds land with the hacker.

This is not an automatic emptying of the wallet, because you still need to approve the transaction. The problem is that when malicious JavaScript can change what happens after you click the button, your “safe” click can send funds straight into the pockets of cybercriminals.

What does the attack look like in numbers (at the moment)?

  • Over 1 billion downloads of infected packages
  • 2 billion+ weekly downloads of the packages covered by the attack
  • Potential threat to the entire JavaScript ecosystem

This is not an ordinary hacker attack, but the digital Pearl Harbor of the cryptocurrency world.

How to protect yourself? Survival guide

✅ If you use a hardware wallet (Ledger, Trezor):

You are relatively safe, but that does not excuse you from thinking! Check each transaction before signing. The hardware wallet will display the real address of the recipient – if it does not match what you see on the screen, do not sign.

⚠️ If you use a software wallet (Metamask, Trust Wallet):

Hold off on all on-chain transactions until further notice. Yes, I know it hurts. But it’s better to lose a few days of profits than all your savings.

🛡️ Additional precautions:

  1. Check the addresses twice – compare the address on the website with the one in the wallet
  2. Use only trusted applications – avoid new platforms for several days
  3. Update carefully – if you are a developer, check all dependencies
  4. Follow the news – official project channels will report on security
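
For item 3 (checking dependencies), an added example that is not code from the article or from NPM: a Node.js function that reads a lockfileVersion 2/3 package-lock.json and reports every installed copy of the 18 listed packages, using their npm registry spellings. The sample lockfile and its version numbers are constructed; the article does not give the compromised version numbers, so the reported versions still have to be compared against the registry advisory.

```javascript
// npm registry names of the 18 packages listed in the article.
const LISTED = new Set([
  'backslash', 'chalk-template', 'supports-hyperlinks', 'has-ansi',
  'simple-swizzle', 'color-string', 'error-ex', 'color-name',
  'is-arrayish', 'slice-ansi', 'color-convert', 'wrap-ansi',
  'ansi-regex', 'supports-color', 'strip-ansi', 'chalk',
  'debug', 'ansi-styles',
]);

// In lockfileVersion 2/3 every installed copy is a key such as
// "node_modules/a/node_modules/b"; the package name is whatever follows
// the last "node_modules/" (scoped names like "@scope/x" stay intact).
function nameFromPath(path) {
  const i = path.lastIndexOf('node_modules/');
  return i === -1 ? null : path.slice(i + 'node_modules/'.length);
}

// Returns one row per installed copy of a listed package, nested copies included.
function findListedPackages(lockfileText) {
  const lock = JSON.parse(lockfileText);
  if (!lock.packages) throw new Error('no "packages" map (lockfileVersion 1 is not handled)');
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages)) {
    const name = nameFromPath(path);
    if (name && LISTED.has(name)) {
      hits.push({ name, version: meta.version, path, resolved: meta.resolved || null });
    }
  }
  return hits.sort((a, b) => a.path.localeCompare(b.path));
}

// Constructed sample lockfile; the version numbers are placeholders, not
// the compromised releases (the article does not list those).
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-frontend', version: '1.0.0' },
    'node_modules/chalk': { version: '0.0.1' },
    'node_modules/express': { version: '0.0.2' },
    'node_modules/express/node_modules/debug': { version: '0.0.3' },
    'node_modules/@demo/debug': { version: '0.0.4' },
    'node_modules/debug-extra': { version: '0.0.5' },
  },
});

console.table(findListedPackages(SAMPLE_LOCK));
```

To scan a real project, pass the text of its package-lock.json to findListedPackages; transitive copies nested under other packages are reported with their full path.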

What are developers doing?

NPM has already removed the compromised versions of the packages, but the milk has already been spilled. According to @0xcygaar, the packages were sorted out on 08.09.2025 around 17:15 Polish time, but the frontends of many sites may still be susceptible to attacks. If your application has been made by You can be in danger.

Welcome to the jungle

The attack from Monday 8 September shows how fragile the infrastructure is on which the world of Web3 is based. One compromised developer = potential disaster for billions of transactions.

Ironic, right? The technology that was supposed to be independent of centralized systems still depends on … centralized code repositories.

Action, reaction, forecast

This attack is a wake-up call for the entire industry. It shows that even the most decentralized technology has its central points of risk. And that perhaps, amid all the innovation theater, we forgot about the basics: security.

Your action plan for today (survival checklist):

IMMEDIATE (next 30 minutes):

  • Check what wallet you are using
  • If software – hold off on all DeFi transactions
  • If hardware – be extra alert at each transaction
  • Watch the official channels of your favorite projects

Short-Term (next days):

  • Consider buying a hardware wallet (if you don’t have one yet)
  • Don’t FOMO into new projects
  • Test with small amounts before larger transfers
  • Backup your seed phrase (yes, again)

Medium-Term (next weeks):

  • Learn to use a block explorer for transaction verification
  • Diversify your portfolio between CEX and DeFi
  • Invest in education about Web3 security

Golden rules for the (nearest) future:

  1. “Don’t Trust, Verify” – but really verify
  2. “Test in prod” – but with minimal amounts
  3. “DYOR” – but not only about tokenomics, also about security
  4. “Buy the Dip” – but not at the expense of security
  5. “HODL” – on a hardware wallet, not on an exchange ;)

Is this the end of the world (Web3)?

Absolutely not. These are natural growing pains in a world of digital assets that the mainstream has become interested in. Every revolutionary technology has gone through similar crises. The Internet survived thousands of attacks, banks survived countless attacks, and the world of cryptocurrencies and Web3 will survive this attack too.

What will change for the better? Such unprecedented crises inspire:

  • More (cyber) awareness – users will start treating security more seriously
  • Better tools – the market will react by providing more secure solutions
  • Industry professionalization – no more cowboy approach to the code
  • Sensible regulation – probably the first that will actually help users ;)

Monitoring the situation: where to follow updates

Twitter/X accounts to watch:

  • @Ledger – official updates from the hardware wallet manufacturer
  • @0xcygaar – the first source of information about the attack
  • @zachxbt – on-chain detective, often the first to notice anomalies
  • @Tayvano_ – MyCrypto founder, security expert
  • @mudit__gupta – security researcher, often analyzes attacks