XRP Faces Serious Security Breach, Private Keys Compromised

The post XRP Faces Serious Security Breach, Private Keys Compromised appeared first on Coinpedia Fintech News

Recently, XRP faced a major security breach involving one of XRP Ledger’s JavaScript libraries. The Ripple npm JavaScript library named xrpl.js was compromised in a software supply chain attack which exposed users’ private keys. 

The security flaw was flagged by Aikido Security and was confirmed by Ripple CTO David Schwartz. The issue affects specific versions of the Node Package Manager (NPM) library, but major XRP services like Xaman Wallet and XRPScan confirmed they were unaffected.

The affected versions were 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. However, the issue has been fixed in newer versions 4.2.5 and 2.14.3. 

Peter Todd, a Bitcoin developer, pointed out that a decade after he warned of security risks in Ripple’s software due to a lack of proper security measures like PGP signing, there’s a Ripple backdoor due to an npm compromise. He criticized Ripple for not using a secure method (PGP signatures) to verify their code, which could have prevented this attack.

Todd also admitted that his own Python library is not PGP signed for most users due to PyPI phasing out PGP signatures. He criticised the software industry as ‘incompetent’, stressing that he has no control over it.

A user named “mukulljangid” introduced malicious code into the xrpl.js package starting April 21, 2025, and also introduced a new function to steal private keys and send them to an external domain. The attacker gained access through a compromised Ripple employee’s npm account. The attacker also used multiple versions in a short time to avoid detection, but there is no evidence of a backdoor in the GitHub repository.

The XRP Ledger Foundation issued a clarification and confirmed that compromised versions of xrpl.js have been removed. Developers are advised to use versions 4.2.5 or 2.14.3, with a detailed report coming soon.

The incident has sparked concerns over software security, especially in crypto where customer support and huge sums of money are involved.
