Ripple’s Chief Technology Officer David Schwartz has issued an urgent warning to XRP Ledger (XRPL) developers about malicious code in recent versions of the popular JavaScript library xrpl.js. The compromised versions, distributed via NPM, could steal private keys by sending them to an unknown domain. While end users of trusted XRP wallets like Xumm are largely unaffected, developers using these versions are at high risk.
Security firm Aikido Security, leveraging its AI-driven threat detection system, identified the suspicious code, which wasn’t present in the official GitHub repository—raising immediate red flags. According to Aikido, the affected SDK versions had been tampered with to include code that exfiltrates private keys, potentially compromising wallets tied to these keys. Users who installed the malicious versions are advised to assume their private keys have been compromised.
The XRP Ledger Foundation has since removed the malicious packages from NPM. Mayukha Vadari, a senior engineer at RippleX, confirmed that the ledger itself remains secure and was not affected by the incident. Aikido Security is actively investigating the origin of the attack and suspects it follows a familiar pattern seen in previous software supply chain breaches.
This incident highlights growing cybersecurity threats in blockchain development, especially with widely used open-source tools. Developers are urged to verify sources and rely only on officially maintained repositories. Despite this scare, XRP Ledger’s core infrastructure remains intact and secure, according to all official statements.