See every side of every news story
Get Started
SubscribeLogin
Israel-Hamas Conflict
Pope Francis
Natural Disasters
Vatican
Artificial Intelligence
Social Media
Tariffs
Trade
Education
Donald Trump
Taxes
European Union
Stock Markets
Published loading...Updated

Ripple NPM supply chain attack hunts for private keys

  • Threat actors compromised the xrpl.js JavaScript library for interacting with the XRP Ledger.
  • Attackers used a compromised developer NPM account in a software supply chain attack.
  • They injected malicious code starting April 21, 2025 to steal user private keys.
  • Modified versions accumulated 452 downloads before removal from NPM.
  • Users should upgrade immediately to versions 4.2.5 or 2.14.3.
Insights by Ground AI
Does this summary seem wrong?

15 Articles

All
Left
Center
2
Right
The RegisterThe Register
Center

Ripple NPM supply chain attack hunts for private keys

: A mystery thief and a critical CVE involved in crypto cash grab

Read Full Article
Tech RadarTech Radar
Center

Ripple cryptocurrency software library hit by major security issue, wallets under threat

Malicious commits were uploaded to NPM but quickly removed.

·United Kingdom
Read Full Article
Coin EditionCoin Edition

Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package

XRP Ledger’s official NPM package was injected with a crypto-stealing backdoor. The affected NPM versions are 4.2.1 to 4.2.4 and 2.14.2. Users must upgrade to patched versions and rotate private keys. A supply chain attack compromised the official XRP Ledger JavaScript SDK, injecting a backdoor into specific versions of NPM. A backdoor in specific NPM versions targeted private key theft, putting connected XRP wallets at risk.  SlowMist issued a …

Read Full Article
MaxBitMaxBit

XRP Ledger SDK Compromised by Backdoor Exploit – MAXBIT

The XRP Ledger Foundation has warned about a security vulnerability in the official JavaScript SDK, which interacts with the XRPL. On April 21, Aikido Security revealed that several versions of its Node Package Manager (NPM) software were compromised and published, containing a backdoor that could steal private keys from users. Security Flaw in Developer Kit...

Read Full Article
thecryptocurrencypost.netthecryptocurrencypost.net

XRP Ledger Blocks Attempted Attack on Its Infrastructure - The Cryptocurrency Post

TL;DR A hacker attempted to attack the XRP Ledger infrastructure by compromising an NPM token and distributing malicious versions of xrpl.js. Aikido Security detected five tampered versions, and the XRP Ledger Foundation released a secure update without affecting the project’s core. Ripple Labs closed its legal dispute with the SEC after more than three years, agreeing to pay $50 million and recover another $75 million. An attempted attack agai…

Read Full Article
Bitcoin Ethereum NewsBitcoin Ethereum News

URGENT: XRPL Security Alert - Backdoor Found in NPM Package Threatens Private Keys

The post URGENT: XRPL Security Alert – Backdoor Found in NPM Package Threatens Private Keys appeared on BitcoinEthereumNews.com. URGENT: XRPL Security Alert – Backdoor Found in NPM Package Threatens Private Keys – BitcoinWorld Skip to content Home News Crypto News URGENT: XRPL Security Alert – Backdoor Found in NPM Package Threatens Private Keys Source: https://bitcoinworld.co.in/xrpl-security-alert-npm/

Read Full Article
Think freely.Subscribe and get full access to Ground NewsSubscriptions start at $9.99/yearSubscribe

Bias Distribution

  • 100% of the sources are Center
100% Center
Factuality

To view factuality data please Upgrade to Premium

Ownership

To view ownership data please Upgrade to Vantage

TokenPost broke the news in on Wednesday, April 23, 2025.
Sources are mostly out of (0)

Similar News Topics

Cryptocurrency

Cryptocurrency

Blockchain

Blockchain

Infrastructure

Infrastructure

You have read out of your 5 free daily articles.

Join us as a member to unlock exclusive access to diverse content.

News
For You
SearchBlindspotLocal