Prominent Bitcoin developer Peter Todd, recently spotlighted as the most likely Satoshi Nakamoto in a 2024 HBO documentary, has criticized Ripple following the discovery of a backdoor in a JavaScript library used for the XRP Ledger (XRPL). The vulnerability, initially flagged by Aikido Security and acknowledged by Ripple CTO David Schwartz, allows private keys to be sent to a suspicious domain—posing a serious threat to users of compromised versions of the XRPL SDK.
Todd took to social media to remind the community that he had warned about such risks nearly a decade ago. At the time, he published a paper criticizing Ripple for not verifying their code with cryptographic PGP signatures. Without this verification, he argued, attackers could inject malicious code and distribute fake software—precisely the kind of breach now confirmed through a compromised NPM package.
In a candid moment, Schwartz admitted that Todd’s earlier security concerns were valid “at that time.” Ironically, Todd’s own bitcoin-related library, python-bitcoinlib, currently lacks PGP signatures as well, though he blames the Python Package Index (PyPI) for discontinuing support for signed downloads. “My hands are tied,” Todd said, calling the broader software industry “incompetent.”
The controversy has reignited debate over software supply chain security, especially in the crypto space where millions of dollars—and user trust—are at stake. As Ripple works to contain the fallout, the incident underscores the critical need for robust security standards and code verification practices across blockchain development platforms.