XRP Ledger Foundation issues urgent patch for compromised XRPL SDK
The XRP Ledger Foundation has patched a critical vulnerability in its official JavaScript SDK that could have allowed attackers to steal private keys and drain cryptocurrency wallets.
On April 22, the XRP Ledger Foundation released an updated version of the xrpl npm package, removing the compromised code and restoring safe functionality for developers building on the network.
The xrpl npm package is the official JavaScript/TypeScript library for interacting with the XRP Ledger. Developers use it to connect to the network, manage wallets, send transactions and build decentralized applications on top of XRPL features.
The update came a few hours after blockchain security firm Aikido reported suspicious activity in five newly published versions of the library.
According to Aikido's report, the attackers had published rogue versions of the npm package, starting with 4.2.1. These versions did not correspond to any official release on GitHub, a first red flag that let Aikido's automated systems detect the anomaly.
Specifically, the attackers had “introduced a backdoor to steal private cryptocurrency keys and gain access to cryptocurrency wallets”.
The rogue packages contained hidden code that siphoned private keys off to a malicious domain, 0x9c.xyz, under the attackers' control. The malicious function fired every time a new wallet was created, effectively handing control of the funds to the attacker.
Aikido described the vulnerability as “potentially catastrophic”, calling it one of the worst kinds of crypto supply chain attack.
Because the xrpl package sees more than 140,000 weekly downloads and is integrated into hundreds of thousands of websites and applications, the backdoor could have compromised a large swath of the XRP ecosystem almost silently.
The attacker was also seen refining the malicious packages with each version. The first versions (4.2.1 and 4.2.2) changed only the built JavaScript files, likely to avoid raising suspicion during a typical code review. Later versions, such as 4.2.3 and 4.2.4, injected the malicious code directly into the TypeScript source files, allowing the payload to persist across versions.
Aikido researchers urged users to stop using the affected versions immediately and to rotate any private keys or seed phrases that may have been exposed. They also recommended scanning network logs for connections to the 0x9c.xyz domain and upgrading to the fixed versions, 4.2.5 or 2.14.3, to stay safe.
In follow-up updates, the foundation confirmed that the compromised packages had been removed and that key projects such as XRPSCAN, First Ledger and Gen3 were not affected.
The incident has not unsettled traders: XRP was up 7.4% over the last 24 hours, trading at $2.24 at the time of writing.
As crypto.news previously reported, the XRP Ledger faced another major incident earlier this year, when a disruption in transaction validation halted the network for almost an hour on February 5. No data loss was reported in that incident.