Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack
Briefly

The xrpl.js JavaScript library for interacting with the XRP Ledger was compromised in a supply chain attack that targeted users' private keys. The malicious code was published under the npm account of a user believed to be a Ripple employee, whose account appears to have been compromised, and it affects versions 4.2.1 through 4.2.4 and 2.14.2. Once installed, the backdoor sends private keys to an external domain. Users are urged to update to the clean versions 4.2.5 and 2.14.3; any private key or seed handled by an affected version should be treated as exposed. The incident highlights the fragility of software supply chains, and the risk is significant given the library's popularity and extensive usage.
The official xrpl npm package (Ripple) was compromised by sophisticated attackers who introduced a backdoor to steal cryptocurrency private keys.
The malicious changes were published by the npm user 'mukulljangid', indicating that this account was compromised to carry out the attack.
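The practical first step for anyone depending on xrpl.js is to find out whether one of the affected builds is installed anywhere in a project, including as a transitive dependency. The following scanner is an added example written for this page, not code from the article, from Ripple or from the xrpl.js project; it walks an npm package-lock.json (both the lockfileVersion 1 nested tree and the lockfileVersion 2/3 flat map), flags any copy of xrpl whose version is one of the compromised releases named above, and names the fixed release for that major line. The sample lockfile embedded in it is constructed for illustration and does not describe a real project.

```javascript
// Added example: scan an npm lockfile for the compromised xrpl.js releases.
// Versions listed here come from the report above: 4.2.1-4.2.4 and 2.14.2
// are backdoored; 4.2.5 and 2.14.3 are the clean releases.
const COMPROMISED_XRPL = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"]);
const FIXED_XRPL = { "4": "4.2.5", "2": "2.14.3" };

// lockfileVersion 2/3: "packages" maps install paths to metadata. Keys look
// like "node_modules/xrpl" or "node_modules/foo/node_modules/xrpl", so a copy
// pulled in transitively by another dependency is found as well.
function scanPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const isXrpl = path === "node_modules/xrpl" || path.endsWith("/node_modules/xrpl");
    if (isXrpl && COMPROMISED_XRPL.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// lockfileVersion 1: "dependencies" is a nested tree; recurse into each
// package's own "dependencies" to reach nested copies.
function scanDependenciesTree(deps, prefix, hits) {
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    if (name === "xrpl" && COMPROMISED_XRPL.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
    scanDependenciesTree(meta.dependencies, path + "/", hits);
  }
  return hits;
}

// Dispatch on the lockfile shape; returns [{ path, version }, ...].
function findCompromisedXrpl(lock) {
  if (lock.packages) return scanPackagesMap(lock.packages);
  return scanDependenciesTree(lock.dependencies, "", []);
}

// Clean release for the major line of a compromised version.
function recommendedFix(version) {
  return FIXED_XRPL[version.split(".")[0]];
}

// Read and parse a real package-lock.json (CommonJS; require is loaded
// lazily so the pure functions above work without the filesystem).
function loadLockfile(filePath) {
  const fs = require("fs");
  return JSON.parse(fs.readFileSync(filePath, "utf8"));
}

// Constructed sample lockfile (not a real project): one direct hit, one
// transitive hit nested under another package, and one clean copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-app", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.3" },
    "node_modules/some-sdk": { version: "0.1.0" },
    "node_modules/some-sdk/node_modules/xrpl": { version: "2.14.2" },
    "node_modules/other/node_modules/xrpl": { version: "4.2.5" },
  },
};

// Print one line per compromised copy and return the hits.
function report(lock) {
  const hits = findCompromisedXrpl(lock);
  for (const h of hits) {
    console.log(`COMPROMISED ${h.path} xrpl@${h.version} -> upgrade to ${recommendedFix(h.version)}`);
  }
  if (hits.length === 0) console.log("no compromised xrpl versions found");
  return hits;
}

// Scans the constructed sample; swap in loadLockfile("package-lock.json")
// to check a real project.
report(SAMPLE_LOCK);
```

A hit on any path, not just the top-level node_modules/xrpl, matters: a wallet or SDK that bundles its own copy of xrpl still runs the backdoored code. After upgrading, regenerate the lockfile and rescan, and treat keys handled by the affected copies as exposed regardless of what the scan says now.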
Read at The Hacker News