
Hackers Target Ripple’s XRP Ledger in a Critical Supply Chain Attack

Updated by Mohammad Shahid

In Brief

  • Ripple's official xrpl.js package was compromised, exposing DeFi wallets to potential private key theft.
  • A security firm identified backdoor updates in the package, but the XRP Ledger itself remains unaffected.
  • Ripple deprecated the vulnerable package and no significant thefts have been reported yet, though concerns linger.

Ripple has identified a critical supply chain attack on the XRP Ledger. This vulnerability doesn’t impact the entire Ledger, only DeFi wallets using the official xrpl.js package from NPM (Node Package Manager).

It’s unclear how much user money was compromised in this sophisticated attack, but Ripple claims that it deprecated the compromised packages. Several major DeFi wallets didn’t download this package, and no huge thefts have been reported yet.

Security Breach on the XRP Ledger

This XRPL breach was first identified by Aikido, a blockchain security firm. It found five suspicious updates to the xrpl.js package on Ripple’s NPM.

This is Ripple’s official software development kit, featuring more than 140,000 downloads weekly. Hackers installed a sophisticated backdoor into this package, enabling private key theft and wallet access.

A breach of this nature represents a dire threat to XRP, to the extent that Ripple CTO David Schwartz posted official warnings about it. Mayukha Vadari, a senior software engineer with the firm, also went into greater detail about the nature of this vulnerability.

At first, this might seem like a small issue, as the breach didn’t directly harm the XRP Ledger (XRPL). However, this hack was propagated through Ripple’s official channels, exposing many users to harm.

To get a sense of the scale, DeFi wallets on XRPL currently hold about $80 million in user deposits. Accessing a tiny chunk of this sum would indeed be a huge theft.

DeFi Assets in XRP Ledger. Source: DefiLlama

NPM is the distribution system, and compromising a high-trust package in it creates a powerful attack vector—a supply chain attack targeting developers and infrastructure rather than end-users directly.

A compromised NPM package can affect thousands of apps. When an attacker injects malicious code, like a backdoor, into a popular NPM package, any application or developer that installs or updates that package unknowingly introduces the malware into its own environment.
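What that exposure looks like from the consuming side, as an added example (not code from the article, Ripple or Aikido): a check that lists every copy of `xrpl` a `package-lock.json` resolves, direct or transitive, and flags versions on a deny-list. The lockfile, the `example-wallet-sdk` name and the deny-list versions are constructed placeholders; the real affected versions must be taken from the maintainers' advisory.

```javascript
// Added example: list every copy of a package that a package-lock.json resolves,
// direct or transitive, and flag versions on a deny-list.
// The deny-list and the lockfile below are constructed placeholders, NOT the
// real affected xrpl.js versions; take those from the maintainers' advisory.
const DENIED_VERSIONS = new Set(["0.0.1-placeholder"]);

function findInLock(lock, name) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    const suffix = "node_modules/" + name;
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === suffix || path.endsWith("/" + suffix)) {
        hits.push({ path, version: meta.version, integrity: meta.integrity || null });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree mirrors nested node_modules.
  const walk = (deps, prefix) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + dep;
      if (dep === name) hits.push({ path, version: meta.version, integrity: meta.integrity || null });
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Annotate each resolved copy with whether its version is on the deny-list.
function audit(lock, name, denied) {
  return findInLock(lock, name).map((h) => ({ ...h, denied: denied.has(h.version) }));
}

// Constructed sample: one direct copy and one pulled in by a hypothetical wallet SDK.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xrpl": { version: "0.0.0-placeholder" },
    "node_modules/example-wallet-sdk": { version: "1.2.3" },
    "node_modules/example-wallet-sdk/node_modules/xrpl": { version: "0.0.1-placeholder" },
  },
};

for (const r of audit(SAMPLE_LOCK, "xrpl", DENIED_VERSIONS)) {
  console.log(`${r.denied ? "DENIED" : "ok    "} ${r.path} @ ${r.version}`);
}
```

The transitive copy is the one a top-level `package.json` review would miss, which is why the check walks the lockfile rather than the declared dependencies.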

The XRP Ledger Foundation confirmed that several major DeFi wallets were not exposed and further stated that it deprecated the compromised xrpl.js versions. It also plans to publish a full postmortem analysis.

Still, the attackers managed to compromise the official library that DeFi protocols use to interact with XRP, and a sophisticated operation like that could have further consequences.


Disclaimer

In adherence to the Trust Project guidelines, BeInCrypto is committed to unbiased, transparent reporting. This news article aims to provide accurate, timely information. However, readers are advised to verify facts independently and consult with a professional before making any decisions based on this content. Please note that our Terms and Conditions, Privacy Policy, and Disclaimers have been updated.

Landon Manning
Landon Manning is a Journalist at BeInCrypto, covering a wide range of topics, including international regulation, blockchain technology, market analysis, and Bitcoin. Previously, Landon spent six years as a writer with Bitcoin Magazine and co-authored a Bitcoin maximalist newsletter with 30,000 subscribers. Landon holds a Bachelor of Arts in Philosophy from Sewanee: The University of the South.