A recent major attack on JavaScript packages has raised concerns about the security of crypto transactions, prompting Ledger’s CTO Charles Guillemet to urge users to exercise caution. The attack, which compromised over 1 billion downloads of NPM packages, is impacting many cryptocurrency ecosystems and could lead to a significant risk for billions of users. Guillemet warns that address-swapping malware injected into these packages could steal funds through on-chain transactions. While hardware wallets remain secure when used with verified transactions, users relying on software wallets are advised to avoid on-chain interactions until the threat is fully understood. The security experts warn about potential vulnerabilities in various blockchain protocols and smart contracts. The extent of the attack’s impact on market capitalization remains unclear. This incident highlights the importance of using hardware wallets as a precaution and for developers, auditing package dependencies for malicious code.