Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Ripple’s xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

The Hacker News by The Hacker News
April 23, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Apr 23, 2025Ravie LakshmananBlockchain / Cryptocurrency

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users’ private keys.

The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.

Cybersecurity

xrpl.js is a popular JavaScript API for interacting with the XRP Ledger blockchain, also called the Ripple Protocol, a cryptocurrency platform launched by Ripple Labs in 2012. The package has been downloaded over 2.9 million times to date, attracting more than 135,000 weekly downloads.

“The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets,” Aikido Security’s Charlie Eriksen said.

The malicious code changes have been found to be introduced by a user named “mukulljangid” starting April 21, 2025, with the threat actors introducing a new function named checkValidityOfSeed that’s engineered to transmit the stolen information to an external domain (“0x9c[.]xyz”).

It’s worth noting that “mukulljangid” likely belongs to a Ripple employee, indicating that their npm account was hacked to pull off the supply chain attack.

The attacker is said to have tried different ways to sneak in the backdoor while trying to evade detection, as evidenced by the different versions released in a short span of time. There is no evidence that the associated GitHub repository has been backdoored.

Cybersecurity

It’s not clear who is behind the attack, but it’s believed that the threat actors managed to steal the developer’s npm access token to tamper with the library.

In light of the incident, users relying on the xrpl.js library are advised to update their instances to the latest version (4.2.5 and 2.14.3) to mitigate potential threats.

“This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger,” the XRP Ledger Foundation said in a post on X. “It does not affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately.”

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.





Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Amid uncertainty, Armis becomes newest CVE numbering authority | Computer Weekly

Amid uncertainty, Armis becomes newest CVE numbering authority | Computer Weekly

Recommended.

TE Connectivity completes acquisition of Richards Manufacturing

TE Connectivity completes acquisition of Richards Manufacturing

April 1, 2025
CTIA Names Preston Wise Senior Vice President of External and State Affairs

CTIA Names Preston Wise Senior Vice President of External and State Affairs

May 6, 2026

Trending.

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Anaconda Extends AI-Native Application Development With Acquisition

Anaconda Extends AI-Native Application Development With Acquisition

May 1, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio