Hacker Attack Via JavaScript Library Affects XRP Users

Date: 2025-04-23 Author: Henry Casey Categories: CRYPTO PAYMENTS
Aikido Security has discovered that the official XRP Ledger SDK stack has been attacked. The malicious activity was linked to the xrpl.js JavaScript library, which was injected with a backdoor designed to steal cryptocurrency.

Researcher Charlie Eriksen reported that on April 21, a user under the pseudonym mukulljangid pushed five new versions of the xrpl.js library via NPM. These releases had no counterpart in the official GitHub repository, which raised suspicions and was the first warning sign. Upon further analysis, malicious code was found in the packages, aimed at stealing private keys and gaining access to users’ crypto wallets.

Eriksen noted that the attacker went about the attack carefully, experimenting with various methods of introducing malicious code while trying to remain unnoticed. The actions appeared well planned and technically well thought out.

The XRP Ledger Foundation hastened to assure users that the vulnerability did not affect the source code of the blockchain network and official repositories on GitHub. However, the developers recommended updating the library to the safe version xrpl.js 4.2.5 as soon as possible.

The versions with malicious code - 4.2.1, 4.2.2, 4.2.3, 4.2.4 and 2.14.2 - were withdrawn from NPM. The team promised to publish a detailed report on the incident in the near future.

XRP Ledger representatives also reported that large projects such as Xaman Wallet, XRPScan and First Ledger were not affected and are operating normally. Despite this, the incident showed how important it is to regularly check dependencies and library updates, especially in the blockchain space, where any vulnerability can lead to direct financial losses.