{"id":23313,"date":"2025-04-23T10:49:55","date_gmt":"2025-04-23T07:49:55","guid":{"rendered":"https:\/\/forklog.com\/en\/hacker-targets-xrp-owners-via-javascript-library\/"},"modified":"2025-04-23T10:49:55","modified_gmt":"2025-04-23T07:49:55","slug":"hacker-targets-xrp-owners-via-javascript-library","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/hacker-targets-xrp-owners-via-javascript-library\/","title":{"rendered":"Hacker Targets XRP Owners via JavaScript Library"},"content":{"rendered":"<p>A malicious actor compromised the official <span data-descr=\"a set of development tools\" class=\"old_tooltip\">SDK<\/span> stack for the XRP Ledger by installing a backdoor to steal cryptocurrency in a JavaScript library. The vulnerability was discovered by experts at Aikido Security.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">We just published our technical breakdown <a href=\"https:\/\/t.co\/aAvSN2a68S\">https:\/\/t.co\/aAvSN2a68S<\/a><\/p>\n<p>\u2014 Aikido Security (@AikidoSecurity) <a href=\"https:\/\/twitter.com\/AikidoSecurity\/status\/1914650710060281887?ref_src=twsrc%5Etfw\">April 22, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>On April 21, security researcher Charlie Eriksen noticed that a user with the nickname mukulljangid released five new versions of the xrpl.js library via the NPM package manager. The expert&#8217;s attention was drawn to the fact that the releases did not appear in the official GitHub repository.<\/p>\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" src=\"https:\/\/forklog.com\/wp-content\/uploads\/6807712cb726f72ce0db0f3a_AD_4nXexA1pPTGOs8ZI-XLhzIydcCWhPJwm7_EPNRipw4zUvu2fcHfJfk85gP05xuZPg7uybUAezgeWyiJ5kYDPeJOQhzmT7Zbhlidj5Os-mg8UcB6UTIqU1iRBlgWxz_7cGdjZwZUgQzw.webp\" alt=\"6807712cb726f72ce0db0f3a_AD_4nXexA1pPTGOs8ZI-XLhzIydcCWhPJwm7_EPNRipw4zUvu2fcHfJfk85gP05xuZPg7uybUAezgeWyiJ5kYDPeJOQhzmT7Zbhlidj5Os-mg8UcB6UTIqU1iRBlgWxz_7cGdjZwZUgQzw\" class=\"wp-image-257327\"\/><figcaption class=\"wp-element-caption\">Source: Aikido Security.<\/figcaption><\/figure>\n<p>Further analysis revealed the presence of malicious code in the packages, which allowed for the theft of private keys and access to wallets.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>&#8220;The attacker was actively working on the attack, trying different ways to insert the backdoor while remaining as hidden as possible,&#8221; Eriksen noted.<\/p>\n<\/blockquote>\n<p>The XRP Ledger Foundation clarified that the vulnerability does not affect the network&#8217;s codebase or the GitHub repository. Developers strongly recommended that projects update the library to the patched version xrpl.js 4.2.5.<\/p>\n<blockquote class=\"twitter-tweet\" data-lang=\"en\">\n<p lang=\"en\" dir=\"ltr\">To clarify: This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does NOT affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately.<\/p>\n<p>\u2014 XRP Ledger Foundation (Official) (@XRPLF) <a href=\"https:\/\/twitter.com\/XRPLF\/status\/1914726961445773652?ref_src=twsrc%5Etfw\">April 22, 2025<\/a><\/p><\/blockquote>\n<p> <script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>They have blocked support for the infected releases 4.2.1-4.2.4 and v2.14.2 in NPM and promised to publish a report on the incident later.<\/p>\n<p>According to the XRP Ledger team, several major blockchain projects such as Xaman Wallet, XRPScan, and First Ledger confirmed they were not affected by the attack.<\/p>\n<p>The price of the XRP token has risen by more than 8% in the past 24 hours, reaching $2.25, according to <a href=\"https:\/\/www.coingecko.com\/\">CoinGecko<\/a>.<\/p>\n<p>Back in February, the XRP Ledger network <a href=\"https:\/\/forklog.com\/en\/news\/ripple-explains-xrp-ledger-outage\">experienced a 64-minute outage<\/a>. The blockchain resumed operations after a reboot.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A malicious actor compromised the official SDK stack for the XRP Ledger by installing a backdoor to steal cryptocurrency in a JavaScript library. The vulnerability was discovered by experts at Aikido Security. We just published our technical breakdown https:\/\/t.co\/aAvSN2a68S \u2014 Aikido Security (@AikidoSecurity) April 22, 2025 On April 21, security researcher Charlie Eriksen noticed that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":23312,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1301,112],"class_list":["post-23313","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-blockchain-vulnerabilities","tag-ripple"],"aioseo_notices":[],"amp_enabled":true,"views":"123","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23313","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=23313"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/23313\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/23312"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=23313"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=23313"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=23313"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}