New Security Flaw Threatens Crypto and Online Services
The crypto ecosystem has just suffered one of the most sophisticated attacks in its history. A “crypto-clipper” injected via compromised NPM modules quietly diverts wallet addresses during transactions. How did this breach escape security radars?
In brief
- A well-known developer from the NPM ecosystem had their account compromised by phishing.
- Ultra-popular JavaScript modules were infected by sophisticated malware.
- The malicious code replaces crypto addresses with attackers’ addresses in real time.
- Only hardware wallets provide effective protection against this attack.
The anatomy of a large-scale attack
On September 8, 2025, the crypto ecosystem was shaken by an unprecedented attack. A recognized developer, responsible for widely used JavaScript libraries, had their NPM account compromised after a simple phishing email. This access was enough to set off a digital storm.
NPM, the true backbone of the modern web, distributes more than a billion code modules weekly to developers around the world.
When a popular package like “chalk”, “strip-ansi” or “color-convert” is infected, the entire digital chain wobbles. In a few hours, thousands of projects – websites, mobile apps, cloud services – find themselves exposed.
The malicious code stands out for its sophistication. This “crypto-clipper” monitors blockchain transactions in real time and discreetly replaces recipient addresses. Whether it is Bitcoin, Ethereum or Solana, no cryptocurrency is spared.
Furthermore, the attack acts on multiple fronts: manipulation of web display, modification of API responses, and falsification of signature data. In other words, even a vigilant user can be tricked.
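A first check after an incident like this is to list every copy of the named packages in a project's lockfile, including copies pulled in transitively. The sketch below is an added example, not code from the article or from NPM; the sample lockfile, its versions and the `some-cli` package are constructed, and the affected-version list is a placeholder to be filled in from the official advisory.

```javascript
// Package names taken from the article.
const WATCHED = ["chalk", "strip-ansi", "color-convert"];
// Placeholder: fill with versions from the official advisory, e.g.
// { "chalk": ["<VERSION-FROM-ADVISORY>"] }. The article lists none.
const AFFECTED = {};

// Walk the "packages" map of a package-lock.json (lockfileVersion 2 or 3)
// and report every installed copy of a watched package.
function findWatched(lock, affected = AFFECTED, watched = WATCHED) {
  const root = (lock.packages || {})[""] || {};
  const direct = new Set([
    ...Object.keys(root.dependencies || {}),
    ...Object.keys(root.devDependencies || {}),
  ]);
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; "" is the project itself.
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue;
    const name = path.slice(idx + "node_modules/".length); // keeps "@scope/name"
    if (!watched.includes(name)) continue;
    // Packages above this one on the path are the ones that nest it.
    const parents = path.slice(0, idx).split("node_modules/")
      .map((p) => p.replace(/\/$/, "")).filter(Boolean);
    hits.push({
      name,
      version: meta.version,
      nestedUnder: parents.join(" > ") || "(hoisted)",
      direct: direct.has(name), // false = arrived only through another package
      flagged: (affected[name] || []).includes(meta.version),
    });
  }
  return hits;
}

// Constructed sample lockfile; names and versions are illustrative only.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "some-cli": "^1.0.0" } },
    "node_modules/some-cli": { version: "1.0.0" },
    "node_modules/chalk": { version: "0.0.1" },
    "node_modules/some-cli/node_modules/strip-ansi": { version: "0.0.2" },
  },
};

console.table(findWatched(SAMPLE_LOCK));
```

To audit a real project, pass the parsed contents of its `package-lock.json` instead of `SAMPLE_LOCK`. Rows with `direct: false` are copies the project never asked for by name.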
The crypto infrastructure facing its vulnerabilities
The NPM incident starkly exposes the vulnerability of our digital infrastructure. Charles Guillemet, technical director of Ledger, immediately alerted the crypto community with an unequivocal message.
Only hardware wallet users can continue their transactions safely, provided they carefully verify each address displayed on the screen of their physical device.
This recommendation highlights a troubling reality: our digital systems rely on a fragile chain of trust. NPM handles more than 4.5 petabytes of weekly traffic and quietly powers the global internet. When this central platform wavers, the entire digital ecosystem staggers.
The attack strangely coincides with the compromise of SwissBorg, which lost 193,000 SOL following a flaw in its partner Kiln’s API.
Although the link between these two incidents remains to be established, their temporal proximity raises questions about a possible coordinated campaign. SwissBorg immediately mobilized its treasury to cover the losses, demonstrating the crucial importance of a rapid response to this type of threat.
Beyond these emblematic cases, an entire model is being challenged. Companies discover that their security often depends on volunteer developers, whose names they do not even know.
This invisible dependency creates single points of failure, now methodically exploited by cybercriminals. Attacks targeting the software supply chain are multiplying, as they offer formidable leverage: compromising a single source to reach thousands of targets.
Faced with these sophisticated attacks, the crypto ecosystem must rethink its security. Hardware wallets and systematic verifications have now become essential to protect your assets.
Passionate about Bitcoin, I enjoy exploring the ins and outs of blockchain and crypto, and I share my discoveries with the community. My dream is to live in a world where privacy and financial freedom are guaranteed for all, and I firmly believe that Bitcoin is the tool that can make this possible.
The views, thoughts, and opinions expressed in this article belong solely to the author, and should not be taken as investment advice. Do your own research before taking any investment decisions.