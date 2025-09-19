A decade ago‭, ‬when Bitcoin first entered my awareness‭, ‬I said all the ignorant things people say when they don’t understand it‭. ‬I had the impression it was designed for some sort of dystopian society‭, ‬and that made no sense to me at all‭. ‬

So‭, ‬while the smart people were buying a whole Bitcoin for just a few hundred US dollars‭, ‬I was saying nonsense like‭: ‬“But if there’s an apocalypse and there’s no Internet‭, ‬how would anyone access their Bitcoin anyway‭?‬”‭ ‬

It made sense in my head at the time‭. ‬If it’s money for a digital world‭, ‬and the digital world disappears‭, ‬how is it useful‭?‬

One of the things I’ve since come to realise‭, ‬of course‭, ‬is that Bitcoin wasn’t created for the end of the world‭. ‬It was created as an immutable‭, ‬decentralised and scarce store of value‭ ‬—‭ ‬one that no government can dilute or manipulate‭. ‬And that’s what it has grown into as its primary function‭. ‬As I’ve gone from completely ignorant to about 10‭ ‬per cent of the way to educated‭, ‬and leaned into Bitcoin as an investment‭ ‬—‭ ‬one that I believe will grow over time because of scarcity and adoption‭ ‬—‭ ‬there is one thing I have not spent a lot of time thinking about‭.‬

Until last week‭, ‬when I logged onto my crypto group and saw that someone had shared this alarming message‭: ‬“Hackers hijack npm packages in what is being called the largest supply chain hack in history‭.‬”‭ ‬

Press pause

Charles Guillemet‭, ‬chief technical officer of Ledger‭, ‬a cold wallet crypto storage system‭, ‬advised everyone invested in crypto to refrain from making transactions‭. ‬

We were told that‭ ‬‘malware’‭ ‬and‭ ‬‘malicious code’‭ ‬—‭ ‬two of my new least favourite terms‭ ‬—‭ ‬meant they could be redirected‭, ‬aka stolen and gone forever‭. ‬

I also got a little lesson on the difference between a‭ ‬“hack”‭ ‬and an‭ ‬“exploit”‭. ‬The first gains unauthorised access to a system‭, ‬the second‭, ‬which is what we were dealing with‭, ‬takes advantage of a vulnerability that already exists in a system‭. ‬

Of course‭, ‬my immediate instinct was to check on all my crypto and somehow secure it‭, ‬but knowing there was nothing I could do about any of it‭, ‬I just went to sleep‭.‬

By morning this situation seemed to be much less pressing‭, ‬and a few days later‭, ‬it has been all but forgotten‭.‬

Either way‭, ‬I hadn’t the foggiest idea what had actually happened‭. ‬A few days later‭, ‬a piece in‭ ‬Milk Road Crypto‭ ‬—‭ ‬one of my favourite newsletters‭ ‬—‭ ‬boiled it all down for me‭. ‬

Npm packages are bundles of code in JavaScript‭, ‬the most-used programming language in the world‭. ‬Developers use them to save time in their work‭, ‬billions of times per week‭. ‬So‭, ‬when a hacker managed to gain access to one of those developer’s npm accounts and work in some bad-acting code‭, ‬the damage could have been enormous‭. ‬The good news is that this was caught early‭, ‬and the damage was minimal‭. ‬I’ve heard varying amounts‭, ‬but‭ ‬Milk Road Crypto‭ ‬put it at just‭ $‬503.62‭ (‬Dh1,849‭).‬

The lesson here is crypto may be immutable‭, ‬but the world it runs on is anything but that‭. ‬Our Internet isn’t invincible‭. ‬Our devices aren’t secure‭. ‬And a rogue‭ ‬line of code or one bad actor can drain‭ ‬your wallet‭.‬

Still‭, ‬much as we are in life‭, ‬people in the crypto and Bitcoin world are getting on with things‭, ‬with this possibility running‭ ‬in the background‭. ‬In the wake of Charlie Kirk’s assassination last week‭, ‬Bitcoiners shared a podcast clip in which he talked about his conviction it would become a powerful global store of value‭. ‬

However‭, ‬as he often did‭, ‬Kirk said the quiet part out loud‭: ‬“Quantum is the only asterisk on all of this‭.‬”‭ ‬This refers to the possibility that quantum computing‭ ‬—‭ ‬technology that is a few years away‭ ‬—‭ ‬could one day crack the encryption that protects not only blockchain‭, ‬but the entire digital financial system‭. ‬

The great threat

This is something no crypto or Bitcoin enthusiast wants to think about‭. ‬And as the people on the podcast with Kirk pointed out‭, ‬if quantum computing can take down Bitcoin‭, ‬well‭, ‬it can take down pretty much everything else too‭. ‬Thankfully‭, ‬there are a number of projects devoted to solving this very problem‭.‬

For now‭, ‬I believe in preparing for the best and assuming we’ll land somewhere in the middle‭. ‬I can’t worry about everything‭; ‬if I did‭, ‬I wouldn’t do anything‭. ‬This is the challenge for a lay person like myself‭, ‬interested and investing in a space I only fractionally understand‭. ‬

People worked behind the scenes swiftly to contain this npm situation from becoming much bigger‭. ‬I can only hope they are equipped to deal with other‭, ‬bigger threats‭, ‬too‭. ‬Really‭. ‬

When it comes to crypto‭, ‬trust no one‭. ‬