- Malicious code in XRPL.js versions 4.2.1–4.2.4 exposed user private keys through a concealed backdoor.
- Platforms and developers using affected versions should review all their operations for risk, downgrade to secure releases, and immediately halt all unsafe operations.
- Ripple's CTO confirmed the issue and advised developers not to upgrade their systems until verified safe releases become available.
A new security alert has emerged from the XRP Ledger ecosystem after malicious versions of the widely used XRPL.js package were discovered on the NPM registry. The issue, which Ripple Chief Technology Officer David Schwartz confirmed via social media, involves the compromise of several recently released versions of XRPL.js, specifically versions 4.2.1 through 4.2.4. These versions contain a hidden backdoor that lets unauthorized parties retrieve user private keys, which could then be used for unauthorized transfers.
Malicious XRPL.js Package Threatens User Data Across XRP Services
The XRP Ledger itself continues to function, but the issue presents critical risks to developers and service providers who recently adopted the newly released versions of the package. The malicious code appears only in the NPM-distributed package, while the official GitHub repository contains no malicious code.
Wallets, exchanges, and decentralized applications use XRPL.js to manage transactions on the XRP Ledger. Any service or tool using the vulnerable versions of XRPL.js could unintentionally leak sensitive user data, including private keys and seed phrases.
XRPL.js Backdoor Prompts Urgent Security Checks
Security specialists and XRP ecosystem members are urging developers and platform operators to verify their implementations immediately. Systems that received the compromised versions during the past 24 hours are at immediate risk and should either be taken offline or moved to secure versions.
Additionally, users are advised to avoid interacting with services that request access to their private credentials until those platforms have issued a statement confirming they are unaffected. When activated, the backdoor would steal sensitive cryptographic information without users realizing it, leaving them vulnerable to fund theft.
XRPL.js Users Advised to Delay Upgrades Amid Security Review
Those using XRPL.js versions below 4.2.1 remain secure, and users should delay upgrades in line with official instructions. Security audits and detailed investigations are in progress to fully assess the incident.
The discovery underscores the need for secure software distribution methods and highlights the challenges of relying on third-party software in blockchain development. Official channels will provide additional information as events progress.