The post XRP Faces Serious Security Breach, Private Keys Compromised appeared first on Coinpedia Fintech News
Recently, XRP faced a major security breach involving one of XRP Ledger’s JavaScript libraries. The Ripple npm JavaScript library named xrpl.js was compromised in a software supply chain attack which exposed users’ private keys.
The security flaw was flagged by Aikido Security and was confirmed by Ripple CTO David Scwartz. The issue affects specific versions of the Node Package Manager (NPM) library, but major XRP services like Xaman Wallet and XRPScan confirmed they were unaffected.
The affected versions were 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. However, the issue has been fixed in newer versions 4.2.5 and 2.14.3.
Peter Todd, a Bitcoin developer pointed out that a decade after he warned of security risks in Ripple’s software due to lack of proper security measures like PGP signing, there’s a Ripple backdoor due to an npm compromise. He criticized Ripple for not using a secure method (PGP signatures) to verify their code, which could have prevented this attack.
10 years after I pointed out the risk of a Ripple backdoor due to Ripple not PGP signing their software or providing any other way to get it securely… there's a a Ripple backdoor due to an npm compromise.
https://t.co/5Z3x68KeB5 pic.twitter.com/IkR3sG3pfd
— Peter Todd (@peterktodd) April 23, 2025
Todd also admitted that his own Python Library is not PGP signed for most users due to PyPi phasing out PGP signatures. He criticised the software industry as ‘incompetent’ stressing that he has no control over it.
A user named “mukulljangid” introduced a malicious code into the xrpl.js package starting April 21, 2025 and also introduced a new function to steal private keys and send them to an external domain. The attacked gained access through a compromised Ripple employee’s npm account. Besides, the attacker used multiple versions in a short time to avoid detection, but there is no evidence of a backdoor in the GitHub repository.
The XRP Ledger foundation issued a clarification and confirmed that compromised versions of xrpl.js have been removed. Developers are advised to use versions 4.2.5 or 2.14.3, with a detailed report coming soon.
The incident has sparked concerns over software security, especially in crypto where customer support and huge sums of money are involved.
