XRP, a cryptocurrency, recently experienced a major security breach. The breach occurred in one of XRP Ledger’s JavaScript libraries called xrpl.js. This library was compromised in a software supply chain attack, which resulted in the exposure of users’ private keys.
The security flaw was discovered by Aikido Security and confirmed by Ripple’s Chief Technology Officer, David Schwartz. It was found that specific versions of the Node Package Manager (NPM) library were affected. However, major XRP services like Xaman Wallet and XRPScan stated that they were not impacted.
The affected versions of xrpl.js were 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. Fortunately, the issue has been resolved in newer versions 4.2.5 and 2.14.3.
A Bitcoin developer named Peter Todd criticized Ripple for not using secure methods, like PGP signatures, to verify their code. He had previously warned about security risks in Ripple’s software due to the lack of proper security measures. Todd pointed out that this recent attack could have been prevented if Ripple had implemented PGP signatures.
The attacker introduced malicious code into the xrpl.js package on April 21, 2025, and added a new function to steal private keys. They gained access through a compromised Ripple employee’s npm account. The attacker used multiple versions of the library within a short period to avoid detection. However, there is no evidence of a backdoor in the GitHub repository.
The XRP Ledger foundation clarified that the compromised versions of xrpl.js have been removed. They advised developers to use versions 4.2.5 or 2.14.3 and mentioned that a detailed report will be released soon.
This incident has raised concerns about software security, especially in the cryptocurrency industry where customer support and large amounts of money are involved.