Coinsurges provides coverage of fintech, blockchain, and Bitcoin, delivering the most recent news and analyses on the future of money. Stay up-to-date with live prices, charts, and trading options for the top exchanges. Keep track of the day's top cryptocurrency gainers and losers, as well as which coins have experienced gains and losses in the past 24 hours.
Trust Coinsurges as your go-to source for all news and updates in the industry.

XRP Faces Serious Security Breach, Private Keys Compromised

The post XRP Faces Serious Security Breach, Private Keys Compromised appeared first on Coinpedia Fintech News

Recently, XRP faced a major security breach involving one of the XRP Ledger's JavaScript libraries. Ripple's npm JavaScript library, xrpl.js, was compromised in a software supply chain attack that exposed users' private keys.

The security flaw was flagged by Aikido Security and confirmed by Ripple CTO David Schwartz. The issue affects specific versions of the library published to npm (Node Package Manager), but major XRP services like Xaman Wallet and XRPScan confirmed they were unaffected.

The affected versions were 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been fixed in the newer versions 4.2.5 and 2.14.3.

Peter Todd, a Bitcoin developer, pointed out that a decade after he warned of security risks in Ripple's software due to the lack of proper security measures like PGP signing, there is now a Ripple backdoor due to an npm compromise. He criticized Ripple for not using a secure method (PGP signatures) to verify their code, which could have prevented this attack.

Todd also admitted that his own Python library is not PGP-signed for most users because PyPI is phasing out PGP signatures. He criticized the software industry as 'incompetent', stressing that he has no control over it.

A user named "mukulljangid" introduced malicious code into the xrpl.js package starting April 21, 2025, adding a new function that steals private keys and sends them to an external domain. The attacker gained access through a compromised Ripple employee's npm account. The attacker also published multiple versions in a short time to avoid detection, but there is no evidence of a backdoor in the GitHub repository.

The XRP Ledger Foundation issued a clarification and confirmed that the compromised versions of xrpl.js have been removed. Developers are advised to use versions 4.2.5 or 2.14.3, with a detailed report coming soon.
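
To check a project against the version list above, the following added example (not code from Ripple, Aikido Security, or the original article) scans a parsed npm lockfile for pinned copies of `xrpl`, including copies nested under other packages. The sample lockfile and the package name `pay-sdk` are constructed for illustration.

```javascript
// Affected xrpl versions as listed in the article.
const AFFECTED = new Set(['4.2.1', '4.2.2', '4.2.3', '4.2.4', '2.14.2']);

// Return every pinned copy of xrpl in a parsed package-lock.json object.
// Handles the "packages" map (lockfileVersion 2/3, keyed by install path)
// and the nested "dependencies" tree (lockfileVersion 1).
function findXrplInstalls(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Match the top-level copy and copies vendored under other packages.
      if (path === 'node_modules/xrpl' || path.endsWith('/node_modules/xrpl')) {
        hits.push({ where: path, version: meta.version });
      }
    }
  } else {
    const walk = (deps, trail) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const where = trail ? `${trail} > ${name}` : name;
        if (name === 'xrpl') hits.push({ where, version: meta.version });
        walk(meta.dependencies, where); // transitive copies
      }
    };
    walk(lock.dependencies, '');
  }
  return hits.map((h) => ({ ...h, affected: AFFECTED.has(h.version) }));
}

// Constructed sample: a fixed top-level copy plus an affected nested copy
// pulled in by a hypothetical dependency named pay-sdk.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-wallet', version: '1.0.0' },
    'node_modules/xrpl': { version: '4.2.5' },
    'node_modules/pay-sdk/node_modules/xrpl': { version: '4.2.3' },
  },
};

for (const h of findXrplInstalls(sampleLock)) {
  console.log(`${h.affected ? 'AFFECTED' : 'ok      '} xrpl@${h.version} at ${h.where}`);
}
```

To scan a real project, pass the result of `JSON.parse` on the contents of its `package-lock.json` to `findXrplInstalls`. Because the malicious function sent private keys to an external domain, any key handled by an affected install should be treated as exposed, not just upgraded past.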

The incident has sparked concerns over software security, especially in crypto where customer support and huge sums of money are involved.
