- Polygon, Ledger, Trezor break silence on yesterday’s NPM hack
- Largest JavaScript NPM hack: What you should know
So far, no cryptocurrency service has reported losses as a result of clipper malware being injected into NPM packages, inevitable instruments for JavaScript developers. At the same time, cryptocurrency users should stay particularly vigilant these days.
Polygon, Ledger, Trezor break silence on yesterday’s NPM hack
According to official statements by cryptocurrency teams, more and more services have confirmed that their tech architectures are unaffected by the Sept. 8 NPM attack, the biggest hack in the history of JavaScript.
Polygon (POL), the largest layer-2 blockchain on Ethereum Virtual Machine, assured readers that both Polygon Proof-of-Stake and Agglayer are unaffected by the collapse.
Most importantly, similar statements have been released by the cryptocurrency wallet’s team. Hardware wallet producer Ledger, whose CTO Charles Guillemet informed the crypto space about the hack, stressed that all funds are safe.
Ledger devices are not and have not been at risk during an ecosystem-wide software supply chain attack that was discovered. Ledger devices are built specifically to protect users against attacks like these.
Trezor, another top-tier provider of hardware cryptocurrency wallets, outlined that at no stage were the gadgets exposed to the attackers.
Trezor Suite, an app necessary to connect Trezor wallets to computers, is also safe, the statement says.
Largest JavaScript NPM hack: What you should know
Yesterday, on Sept. 8, 2025, the account of a reputable JavaScript software developer was hacked. The malefactors uploaded tampered NPM packages — elements of JS code — infiltrated with the malware targeting crypto on all major blockchains.
Altered NPM packages might be downloaded billions of times as JS is one of the dominant programming languages right now.
Clipper malware replaces the address a victim sends crypto to with the address of the hacker. As a result, the user sends money to the attacker without knowing it.
All crypto users should be super cautious these days while sending funds on-chain and when signing approvals via Web3 wallets.