A critical security breach has rattled the XRP development community following discovery of a backdoor in XRPL.js package versions 4.2.1 through 4.2.4 on NPM. The malicious code, present in versions 4.2.1 through 4.2.4, was capable of stealing users’ private keys and transmitting them to attackers.
This prompted Ripple’s Chief Technology Officer, David Schwartz, to issue a public warning. Developers using these compromised versions are strongly advised to treat any exposed credentials as compromised.
The breach, first reported by Aikido Security, revealed the NPM distribution of XRPL.js was altered with key-stealing code; the GitHub repository was not affected. This suggests only the NPM channel was compromised.
Consequently, developers using trusted sources like GitHub remain unaffected. RippleX’s senior engineer Mayukha Vadari confirmed the core XRP Ledger is still safe and operating normally.
In less than 24 hours, the malicious versions were removed from NPM. A secure version, 4.2.5, has now been published as a fix. Additionally, users operating on the 2.x branch can safely use version 2.14.3. The quick action by the XRP Ledger Foundation and the broader Ripple development team helped contain what could have been a widespread threat.
The exploit raised concerns across the blockchain dev community, particularly services integrating XRPL.js. Wallet providers Xaman, First Ledger, and Gen3Games announced they were not compromised. The XRP Ledger Foundation also removed the malicious packages.
Just Now
Dear LBank User
Our online customer service system is currently experiencing connection issues. We are working actively to resolve the problem, but at this time we cannot provide an exact recovery timeline. We sincerely apologize for any inconvenience this may cause.
If you need assistance, please contact us via email and we will reply as soon as possible.
Thank you for your understanding and patience.
LBank Customer Support Team