Dark | Light
[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

# ![@P3b7_ Avatar](https://lunarcrush.com/gi/w:26/cr:twitter::1041276721759043584.png) @P3b7_ Charles Guillemet

A large-scale supply chain attack is underway after a reputable developer's npm account was compromised, with over X billion downloads of affected packages, potentially putting the entire JavaScript ecosystem at risk. The attack involves malicious payloads that silently swap cryptocurrency addresses. Users without hardware wallets with clear signing are at risk.

### Engagements: XXXXXX [#](/creator/twitter::1041276721759043584/interactions)
![Engagements Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1041276721759043584/c:line/m:interactions.svg)

- X Week XXXXXXX +3.40%
- X Month XXXXXXX -XX%
- X Months XXXXXXXXXX +3,318%
- X Year XXXXXXXXXX +2,935%

### Mentions: XX [#](/creator/twitter::1041276721759043584/posts_active)
![Mentions Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1041276721759043584/c:line/m:posts_active.svg)

- X Month XX +86%
- X Months XXX +114%
- X Year XXX +151%

### Followers: XXXXXX [#](/creator/twitter::1041276721759043584/followers)
![Followers Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1041276721759043584/c:line/m:followers.svg)

- X Week XXXXXX +0.13%
- X Month XXXXXX -XXXX%
- X Months XXXXXX +170%
- X Year XXXXXX +203%

### CreatorRank: XXXXXXX [#](/creator/twitter::1041276721759043584/influencer_rank)
![CreatorRank Line Chart](https://lunarcrush.com/gi/w:600/cr:twitter::1041276721759043584/c:line/m:influencer_rank.svg)

### Social Influence [#](/creator/twitter::1041276721759043584/influence)
---

**Social category influence**
[finance](/list/finance)  #3243 [stocks](/list/stocks)  XXXX% [technology brands](/list/technology-brands)  XXXX%

**Social topic influence**
[has been](/topic/has-been) 8.33%, [javascript](/topic/javascript) 4.17%, [pay attention](/topic/pay-attention) 4.17%, [$135m](/topic/$135m) 4.17%, [money](/topic/money) 4.17%, [everything in](/topic/everything-in) 4.17%, [live on](/topic/live-on) 4.17%, [blockchain](/topic/blockchain) 4.17%, [agencies](/topic/agencies) 4.17%, [exchanges](/topic/exchanges) XXXX%

**Top accounts mentioned or mentioned by**
[@ledger](/creator/undefined) [@lemiscate](/creator/undefined) [@0xgomes](/creator/undefined) [@captindelta](/creator/undefined) [@bitwux](/creator/undefined) [@huevatoi](/creator/undefined) [@wirelyss](/creator/undefined) [@gladstein](/creator/undefined) [@titled4f](/creator/undefined) [@metamask](/creator/undefined) [@donjonledger](/creator/undefined) [@cliffinkent](/creator/undefined) [@1inch](/creator/undefined) [@degeneratenews](/creator/undefined) [@ricefarmernft](/creator/undefined) [@lewaf](/creator/undefined) [@tristan0x](/creator/undefined) [@yubweqmf](/creator/undefined) [@patrickalphac](/creator/undefined) [@beamscotty5](/creator/undefined)

**Top assets mentioned**
[Alphabet Inc Class A (GOOGL)](/topic/$googl)
### Top Social Posts [#](/creator/twitter::1041276721759043584/posts)
---
Top posts by engagements in the last XX hours

"🚨 Theres a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over X billion times meaning the entire JavaScript ecosystem may be at risk. The malicious payload works by silently swapping crypto addresses on the fly to steal funds. If you use a hardware wallet pay attention to every transaction before signing and you're safe. If you dont use a hardware wallet refrain from making any on-chain transactions for now. Its still unclear whether the attacker is also stealing seeds from"  
[X Link](https://x.com/P3b7_/status/1965094840959410230) [@P3b7_](/creator/x/P3b7_) 2025-09-08T16:48Z 42.9K followers, 9.7M engagements


"$1.35M was stolen from a Thorchain cofounder. Yet another reminder: if your keys are stored in a software wallet youre only one malicious code execution away from losing everything. In this case the victim didnt even sign a malicious transaction the malware simply stole the keys. Honestly its insane to keep that much money in a software wallet. If you leave significant funds there its not a question of if youll be drained but when"  
[X Link](https://x.com/P3b7_/status/1966426113967583603) [@P3b7_](/creator/x/P3b7_) 2025-09-12T08:58Z 42.9K followers, 88.4K engagements


"Clear Signing and Transaction Checks are available for Aave Its simple connect wallet to Aave using WC then follow the steps in Ledger Live. On your device you can verify exactly what youre signing and even view the results of transaction simulations. Earn yield on your assets while keeping full self-custody and end-to-end security. If your favorite dApp is not yet clear-signed simply ask them to add the support here. It's really easy for them"  
[X Link](https://x.com/P3b7_/status/1978478827371110666) [@P3b7_](/creator/x/P3b7_) 2025-10-15T15:11Z 42.9K followers, 38.6K engagements


"Monero appears to be in the midst of a successful XX% attack. The privacy-focused blockchain launched in 2014 and long targeted by governments and 3-letters agencies is already banned from most major centralized exchanges. The Qubic mining pool has been amassing hashrate for months and now controls a majority of the network. A major chain reorganization was detected this morning. With its current dominance Qubic can rewrite the blockchain enable double-spending and censor any transaction. Sustaining this attack is estimated to cost $XX million per day. While potentially lucrative it threatens"  
[X Link](https://x.com/P3b7_/status/1955173413992984988) [@P3b7_](/creator/x/P3b7_) 2025-08-12T07:44Z 42.9K followers, 1M engagements


"@wirelyss @gladstein The NFTs are safe if they are using a Ledger"  
[X Link](https://x.com/P3b7_/status/1981113941658136793) [@P3b7_](/creator/x/P3b7_) 2025-10-22T21:42Z 42.9K followers, 13.9K engagements


"🚨Researchers discovered a new Android side-channel that defeats app isolation. By installing a malicious app an attacker can directly see what other apps display for instance 2FA codes or Seed phrases The exploit uses Android APIs and a hardware side channel present on nearly all modern devices. Google has declined to fix this resolving the report as Wont fix (Infeasible). If you show sensitive data on your screen you risk losing all your crypto. Simply don't use your phone to secure your crypto. cf"  
[X Link](https://x.com/P3b7_/status/1978008808879214957) [@P3b7_](/creator/x/P3b7_) 2025-10-14T08:03Z 42.8K followers, 18.4K engagements


"@Bitwux @Ledger Please have a look at this. That should solve your issue"  
[X Link](https://x.com/P3b7_/status/1980238805060682173) [@P3b7_](/creator/x/P3b7_) 2025-10-20T11:44Z 42.8K followers, 5250 engagements


"If you use a Ledger or hardware wallet with clear signing you are not at risk. My tweet above is warning people who do not use a hardware wallet with clear signing of the risk. Always review every transaction before you sign"  
[X Link](https://x.com/P3b7_/status/1965117765137957113) [@P3b7_](/creator/x/P3b7_) 2025-09-08T18:19Z 42.9K followers, 435.3K engagements


"⚠ Our white hat team the @DonjonLedger discovered a flaw in Tangem cards that makes brute force attacks possible. As always the Donjon followed responsible disclosure to inform Tangem user protection is our priority. We can now reveal our findings in full: 🧵👇"  
[X Link](https://x.com/P3b7_/status/1968313961486614723) [@P3b7_](/creator/x/P3b7_) 2025-09-17T13:59Z 42.9K followers, 235.7K engagements


"@Cliffinkent Potentially all chains"  
[X Link](https://x.com/P3b7_/status/1965101115164549186) [@P3b7_](/creator/x/P3b7_) 2025-09-08T17:13Z 42.9K followers, 378.3K engagements


"🔥 Clear Signing on Safe is here with Ledger Multisig. Tens of billions in assets are secured by Safe the gold standard for onchain multisig. But nearly every team using it shares the same fatal flaw: blind signing. Youre asked to approve a treasury transaction and all you see is a random hex string. Youre forced to trust your browser. Thats not security. Thats a gamble. And a lot of people are losing at this game. Today were fixing it. Introducing Ledger Multisig built on Safe powered by Ledgers world-class hardware security. Its the missing link: the security and clarity layer every"  
[X Link](https://x.com/P3b7_/status/1981340675959369939) [@P3b7_](/creator/x/P3b7_) 2025-10-23T12:43Z 42.9K followers, 97.4K engagements


"Swap on @1inch directly with your Ledger device with Clear signing and Transaction checks. You don't even need an extension or anything in the middle. USB and BLE are available. Enjoy"  
[X Link](https://x.com/P3b7_/status/1981345113826562139) [@P3b7_](/creator/x/P3b7_) 2025-10-23T13:01Z 42.9K followers, 15K engagements

[GUEST ACCESS MODE: Data is scrambled or limited to provide examples. Make requests using your API key to unlock full data. Check https://lunarcrush.ai/auth for authentication information.]

@P3b7_ Avatar @P3b7_ Charles Guillemet

A large-scale supply chain attack is underway after a reputable developer's npm account was compromised, with over X billion downloads of affected packages, potentially putting the entire JavaScript ecosystem at risk. The attack involves malicious payloads that silently swap cryptocurrency addresses. Users without hardware wallets with clear signing are at risk.

Engagements: XXXXXX #

Engagements Line Chart

  • X Week XXXXXXX +3.40%
  • X Month XXXXXXX -XX%
  • X Months XXXXXXXXXX +3,318%
  • X Year XXXXXXXXXX +2,935%

Mentions: XX #

Mentions Line Chart

  • X Month XX +86%
  • X Months XXX +114%
  • X Year XXX +151%

Followers: XXXXXX #

Followers Line Chart

  • X Week XXXXXX +0.13%
  • X Month XXXXXX -XXXX%
  • X Months XXXXXX +170%
  • X Year XXXXXX +203%

CreatorRank: XXXXXXX #

CreatorRank Line Chart

Social Influence #

Social category influence finance #3243 stocks XXXX% technology brands XXXX%

Social topic influence has been 8.33%, javascript 4.17%, pay attention 4.17%, $135m 4.17%, money 4.17%, everything in 4.17%, live on 4.17%, blockchain 4.17%, agencies 4.17%, exchanges XXXX%

Top accounts mentioned or mentioned by @ledger @lemiscate @0xgomes @captindelta @bitwux @huevatoi @wirelyss @gladstein @titled4f @metamask @donjonledger @cliffinkent @1inch @degeneratenews @ricefarmernft @lewaf @tristan0x @yubweqmf @patrickalphac @beamscotty5

Top assets mentioned Alphabet Inc Class A (GOOGL)

Top Social Posts #

Top posts by engagements in the last XX hours

"🚨 Theres a large-scale supply chain attack in progress: the NPM account of a reputable developer has been compromised. The affected packages have already been downloaded over X billion times meaning the entire JavaScript ecosystem may be at risk. The malicious payload works by silently swapping crypto addresses on the fly to steal funds. If you use a hardware wallet pay attention to every transaction before signing and you're safe. If you dont use a hardware wallet refrain from making any on-chain transactions for now. Its still unclear whether the attacker is also stealing seeds from"
X Link @P3b7_ 2025-09-08T16:48Z 42.9K followers, 9.7M engagements

"$1.35M was stolen from a Thorchain cofounder. Yet another reminder: if your keys are stored in a software wallet youre only one malicious code execution away from losing everything. In this case the victim didnt even sign a malicious transaction the malware simply stole the keys. Honestly its insane to keep that much money in a software wallet. If you leave significant funds there its not a question of if youll be drained but when"
X Link @P3b7_ 2025-09-12T08:58Z 42.9K followers, 88.4K engagements

"Clear Signing and Transaction Checks are available for Aave Its simple connect wallet to Aave using WC then follow the steps in Ledger Live. On your device you can verify exactly what youre signing and even view the results of transaction simulations. Earn yield on your assets while keeping full self-custody and end-to-end security. If your favorite dApp is not yet clear-signed simply ask them to add the support here. It's really easy for them"
X Link @P3b7_ 2025-10-15T15:11Z 42.9K followers, 38.6K engagements

"Monero appears to be in the midst of a successful XX% attack. The privacy-focused blockchain launched in 2014 and long targeted by governments and 3-letters agencies is already banned from most major centralized exchanges. The Qubic mining pool has been amassing hashrate for months and now controls a majority of the network. A major chain reorganization was detected this morning. With its current dominance Qubic can rewrite the blockchain enable double-spending and censor any transaction. Sustaining this attack is estimated to cost $XX million per day. While potentially lucrative it threatens"
X Link @P3b7_ 2025-08-12T07:44Z 42.9K followers, 1M engagements

"@wirelyss @gladstein The NFTs are safe if they are using a Ledger"
X Link @P3b7_ 2025-10-22T21:42Z 42.9K followers, 13.9K engagements

"🚨Researchers discovered a new Android side-channel that defeats app isolation. By installing a malicious app an attacker can directly see what other apps display for instance 2FA codes or Seed phrases The exploit uses Android APIs and a hardware side channel present on nearly all modern devices. Google has declined to fix this resolving the report as Wont fix (Infeasible). If you show sensitive data on your screen you risk losing all your crypto. Simply don't use your phone to secure your crypto. cf"
X Link @P3b7_ 2025-10-14T08:03Z 42.8K followers, 18.4K engagements

"@Bitwux @Ledger Please have a look at this. That should solve your issue"
X Link @P3b7_ 2025-10-20T11:44Z 42.8K followers, 5250 engagements

"If you use a Ledger or hardware wallet with clear signing you are not at risk. My tweet above is warning people who do not use a hardware wallet with clear signing of the risk. Always review every transaction before you sign"
X Link @P3b7_ 2025-09-08T18:19Z 42.9K followers, 435.3K engagements

"⚠ Our white hat team the @DonjonLedger discovered a flaw in Tangem cards that makes brute force attacks possible. As always the Donjon followed responsible disclosure to inform Tangem user protection is our priority. We can now reveal our findings in full: 🧵👇"
X Link @P3b7_ 2025-09-17T13:59Z 42.9K followers, 235.7K engagements

"@Cliffinkent Potentially all chains"
X Link @P3b7_ 2025-09-08T17:13Z 42.9K followers, 378.3K engagements

"🔥 Clear Signing on Safe is here with Ledger Multisig. Tens of billions in assets are secured by Safe the gold standard for onchain multisig. But nearly every team using it shares the same fatal flaw: blind signing. Youre asked to approve a treasury transaction and all you see is a random hex string. Youre forced to trust your browser. Thats not security. Thats a gamble. And a lot of people are losing at this game. Today were fixing it. Introducing Ledger Multisig built on Safe powered by Ledgers world-class hardware security. Its the missing link: the security and clarity layer every"
X Link @P3b7_ 2025-10-23T12:43Z 42.9K followers, 97.4K engagements

"Swap on @1inch directly with your Ledger device with Clear signing and Transaction checks. You don't even need an extension or anything in the middle. USB and BLE are available. Enjoy"
X Link @P3b7_ 2025-10-23T13:01Z 42.9K followers, 15K engagements

@P3b7_
/creator/twitter::P3b7_