Hackers Breach Ripple’s XRPL Developer Toolkit in Major Supply Chain Attack

April 23, 2025 2:30 PM

In Brief:
Ripple confirms a supply chain attack on its xrpl.js NPM package, affecting some DeFi wallets.
No major thefts reported yet, but private key access was possible through malicious code.


Ripple has disclosed a serious supply chain attack targeting the XRP Ledger (XRPL) through its widely used xrpl.js package on Node Package Manager (NPM). The compromised software development kit, which sees over 140,000 weekly downloads, was used by several DeFi wallets building on XRPL.

According to blockchain security firm Aikido, attackers slipped a backdoor into five recent updates of the package, giving them the ability to access private keys and potentially drain wallets. Ripple has since deprecated the affected versions and issued security alerts through official channels.

Although the XRP Ledger itself remains unaffected, the incident highlights a broader vulnerability in software distribution. NPM is a widely used registry for distributing JavaScript code packages, and a compromised package can silently deliver malicious code to the thousands of apps and developers that install it.

Ripple CTO David Schwartz and engineer Mayukha Vadari confirmed the breach, with the XRP Ledger Foundation noting that many top DeFi wallets were not affected. Still, with over $80 million in DeFi assets held on XRPL, even a limited breach could be damaging.

The full scope of the impact is not yet known. A detailed postmortem report is expected from Ripple and the XRP Ledger Foundation.
