CyberSecurity news
@www.bleepingcomputer.com
Ripple's recommended XRP library, xrpl.js, has been compromised in a supply chain attack, leading to the theft of XRP wallet seeds and private keys. Malicious code was injected into the official NPM package of xrpl.js, a widely used library with over 140,000 weekly downloads. The compromised versions, specifically 2.14.2, 4.2.1, 4.2.2, 4.2.3, and 4.2.4, sent wallet seeds and private keys to an attacker-controlled server, allowing attackers to take funds from affected wallets and resulting in significant financial losses for users. The compromised versions were published to the NPM registry between 4:46 PM and 5:49 PM ET before being removed, and a clean 4.2.5 release was made available.
The attack was reportedly executed by a user identified as mukulljangid, who published several unauthorized versions of the xrpl NPM package without corresponding releases on the XRPL GitHub. These suspicious updates included code designed to steal private keys, which are critical for accessing cryptocurrency wallets. Aikido Security identified the breach on April 22, 2025. It highlights the severe risk of supply chain attacks, where a single compromised component can jeopardize numerous applications and websites.
The incident serves as a wake-up call for the cryptocurrency community, exposing the vulnerability of widely used software packages to malicious code injection. The compromised versions have since been removed, but the incident underscores the importance of vigilance in securing the cryptocurrency ecosystem. It highlights the need for developers and users alike to verify the integrity of dependencies and promptly update to patched versions to mitigate potential risks.
Classification:
- HashTags: #XRP #SupplyChain #CryptoSecurity
- Company: Ripple
- Target: XRP Wallet Users
- Product: xrpl.js
- Feature: Supply Chain Attack
- Type: Hack
- Severity: Major