XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized

Backdoor in XRPL.js NPM packages exposed private keys in versions 4.2.1 to 4.2.4 Only the NPM distribution was compromised, GitHub repository remains unaffected Version 4.2.5 released quickly to patch vulnerability and secure developer environments A critical security breach has rattled the XRP development community following discovery of a backdoor in XRPL.js package versions 4.2.1 through 4.2.4 on NPM. The malicious code, present in versions 4.2.1 through 4.2.4, was capable of stealing users’ private keys and transmitting them to attackers. This prompted Ripple’s Chief Technology Officer, David Schwartz, to issue a public warning. Developers using these compromised versions are strongly advised to treat any exposed credentials as compromised. Critical warning for anyone using XRPL.js from NPM. https://t.co/3zV45jNT1t — David “JoelKatz” Schwartz (@JoelKatz) April 22, 2025 Breach Limited to NPM; Core Ledger Safe The breach, first reported by Aikido Security, revealed the NPM distribution of XRPL.js was altered with key-stealing code; the GitHub repository was not affected. This suggests only the NPM channel was compromised. Related: Ripple’… The post XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized appeared first on Coin Edition .

Source: Coin Edition