 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
 |
|
Cryptocurrency News Articles
XRP Ledger Faced a Major Security Breach Involving xrpl.js JavaScript Library
Apr 24, 2025 at 07:19 pm
Recently, XRP faced a major security breach involving one of XRP Ledger's JavaScript libraries. The Ripple npm JavaScript library named xrpl.js was compromised
Recently, a major cryptocurrency project was hit by a nasty case of code corruption, affecting a key JavaScript library used by many to connect with the blockchain.
This is what happened:
One of the npm JavaScript libraries used by Ripple was compromised in a software supply chain attack. The issue was flagged by Aikido Security and later confirmed by Ripple CTO David Schwartz.
The issue affects specific versions of the Node Package Manager (NPM) library, but major XRP services like Xaman Wallet and XRPScan were not impacted.
It was discovered that versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2 of the Ripple npm JavaScript library, named xrpl.js, were compromised in a software supply chain attack.
The vulnerability was patched in newer versions 4.2.5 and 2.14.3.
The incident began when a user named "mukulljangid" started injecting malicious code into the xrpl.js package from April 21, 2025.
Later, the attacker introduced a new function to steal private keys and send them to an external domain. It is assumed that the attacker gained access through a compromised Ripple employee’s npm account.
Moreover, the attacker quickly deployed multiple versions to avoid detection, but there is no sign of a backdoor in the GitHub repository.
The XRP Ledger foundation also issued a statement, confirming that the compromised versions of xrpl.js have been removed. They advised developers to use versions 4.2.5 or 2.14.3. A full report will follow.
This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does NOT affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately.
We are aware that specific versions of the Node Package Manager (NPM) library are affected, but major XRP services like Xaman Wallet and XRPScan are not impacted.
This incident has once again raised concerns over software security, especially in the cryptocurrency sector where customer support and large sums of money are at stake.
Disclaimer:info@kdj.com
The information provided is not trading advice. kdj.com does not assume any responsibility for any investments made based on the information provided in this article. Cryptocurrencies are highly volatile and it is highly recommended that you invest with caution after thorough research!
If you believe that the content used on this website infringes your copyright, please contact us immediately (info@kdj.com) and we will delete it promptly.
-
-
-
-
-
-
-
-
-
- BlockDAG Early Users Compete for $60K in Testnet Rewards as SNX Rebounds & TRON Network Mints $10B USDT
- Apr 25, 2025 at 12:50 am
- There's been a lot going on across the crypto space lately. Starting with the SNX price prediction, analysts are eyeing a slow but steady climb ahead, with projections pointing to stronger long-term gains.
