- XRP Ledger recently faced a major security threat after a vulnerability was discovered in its
xrpl.jsJavaScript library, which could have allowed attackers to steal private keys and access user wallets. - Developers have since patched the issue, which stemmed from a supply chain attack, but it highlights serious risks in blockchain development tools.
In a recent scare that threatened the entire XRP ecosystem, security researchers discovered a serious vulnerability in one of the XRP Ledger’s key JavaScript libraries—xrpl.js—which developers use to interact with the blockchain. The development team has since patched the issue, but not before it raised concerns about supply chain attacks in Web3 development.
Malicious Code Found in Key XRP Ledger Library
The security incident was first uncovered by Aikido Security, a blockchain-focused cybersecurity firm. They reported that versions 4.2.1 to 4.2.4 of the xrpl.js library contained malicious code that effectively acted as a backdoor. This vulnerability could have allowed hackers to steal private keys and drain user wallets, potentially causing devastating losses.
🚨We have discovered a backdoor in the official #xrpl NPM package. This back door steals private keys and sends them to attackers. The affected versions 4.2.1 – 4.2.4, if you are using an earlier version, do not upgrade.#crypto #malware #npm pic.twitter.com/wshcTFKjbR
— Aikido Security (@AikidoSecurity) April 22, 2025
The XRP Ledger Foundation maintains the affected library, and Ripple also recommends it, which makes the compromise especially alarming. Fortunately, the developers quickly patched the vulnerability and updated the repositories to prevent further damage..
Sophisticated Supply Chain Attack Suspected
According to Charlie Eriksen, a malware researcher at Aikido Security, the breach appears to be a supply chain exploit, a method that’s becoming increasingly common in the blockchain space. Eriksen pointed to a likely compromise of a Ripple employee’s npm account, registered under the username ‘mukulljangid’, which attackers may have used to push the malicious versions of the library.
“These attackers inserted a backdoor to exfiltrate private keys, wallet seeds, and mnemonic phrases,” Eriksen explained. The attackers were transmitting the stolen data to a malicious domain—0x9c[.]xyz.
Users Urged to Avoid Affected Versions
Aikido Security has strongly advised developers and users to steer clear of versions 4.2.1 to 4.2.4, even warning that upgrading from earlier safe versions to any of these could pose serious risks. The rapid rollout of compromised versions also suggests that attackers were experimenting with techniques to avoid detection, indicating a high level of sophistication.
A Wake-Up Call for Blockchain Security
Although the team quickly addressed the breach, the incident clearly highlights the growing threats in blockchain development, especially involving widely used open-source tools. The XRP Ledger community narrowly avoided a major crisis, but this attack will likely leave lasting lessons across the crypto ecosystem.
DISCLAIMER:
The views and opinions expressed herein are solely those of the author and do not necessarily reflect the views of the publisher. The publisher does not endorse or guarantee the accuracy of any information presented in this article. Readers are encouraged to conduct further research and consult additional sources before making any decisions based on the content provided.
