PANews reported on September 9th that Ledger CTO Charles Guillemet released an update on the NPM attack: "The attack failed, causing almost no losses to the victims. The attacker stole user credentials through a phishing email from a fake npm-supported domain and then released a malicious package update. The injected code targeted web encryption activities, invaded blockchain networks such as Ethereum and Solana, hijacked transactions, and directly replaced wallet addresses in network responses. Due to an attacker's operational error, the CI/CD process collapsed, allowing the attack to be discovered early and the impact to be limited. However, this is still a clear warning: if funds are stored in software wallets or exchanges, a single code execution can result in the loss of all funds. Supply chain security vulnerabilities remain a key vector for malware distribution, and targeted attacks are increasing. Hardware wallets are designed to protect against such threats. Features such as clear signatures confirm transaction details, and transaction checks can flag suspicious activity in advance. Although the current danger has passed, the threat still exists, so it is important to remain vigilant and ensure safety."