Crypto Malware Found in XRP Toolkit: Developers Advised to Update
Altcoins/Security

Crypto Malware Found in XRP Toolkit: Developers Advised to Update

A security flaw in the XRP ecosystem has led to the discovery of a malicious code that can steal private keys from users' wallets.

Trade with eToro

Trade with eToro

Open an account

Trade on XM

Trade on XM

Open an account

Overview

A significant security alert has been raised regarding a JavaScript library widely utilized within the XRP ecosystem. Recently, a backdoor was discovered in the commonly used xrpl.js library that poses a risk to private keys stored in wallets leveraging this software.

Discovery and Response

On April 21, Aikido Security reported that five unauthorized and dubious versions of xrpl.js appeared on npm, all linked to an unnamed publisher named mukulljangid. These versions were absent from the official GitHub repository, which raised serious concerns.

🚨We have discovered a backdoor in the official #xrpl NPM package. This backdoor steals private keys and sends them to attackers. The affected versions 4.2.1 – 4.2.4; if you are using an earlier version, do not upgrade.

— Aikido Security (@AikidoSecurity) April 22, 2025

Upon reviewing the code, Aikido found a function for verifying seed validity that stealthily dispatched private keys to an external domain, inadvertently compromising user credentials.

In immediate response, the XRP Ledger Foundation removed the affected versions from npm and promoted an updated secure version (4.2.5) for all developers.

Impact of the Vulnerability

This vulnerability was not a minor issue. The xrpl.js library is a crucial component for XRP developers with over 140,000 weekly downloads; consequently, any project that used the tainted versions could have unintentionally endangered user accounts even without their knowledge.

Fortunately, many established platforms within the XRP ecosystem such as XRPScan and Gen3 Games reported that they were unaffected. Nonetheless, this incident underscores the inherent risks present in software supply chains, particularly in the crypto sector.

Despite the unfolding security drama, XRP’s market price grew by over 3.5%, sustaining a market cap exceeding $125 billion during this period.

Recommendations for Developers

  1. Upgrade to version 4.2.5 or revert to version 2.14.3 if necessary.
  2. Rotate private keys if any version was suspected in your environment.
  3. Use lockfiles to restrict unapproved updates.
  4. Be cautious of version symbols in your package.json file to avoid unintended updates.

Conclusion

This event highlights the potential vulnerabilities of software supply chains and the importance of constant vigilance in the rapidly evolving crypto landscape.

Next article

Trump Media Partners With Crypto.com to Introduce American-Made Crypto ETFs

Newsletter

Get the most talked about stories directly in your inbox

Every week we share the most relevant news in tech, culture, and entertainment. Join our community.

Your privacy is important to us. We promise not to send you spam!