XRP Ledger Compromised? Validator Warns Projects And Developers Of Critical Issues

bitcoinistPublicado em 2025-04-23Última atualização em 2025-04-23

Resumo

An XRP Ledger (XRPL) validator has warned projects and developers that the network is compromised. He revealed some critical issues...

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

An XRP Ledger (XRPL) validator has warned projects and developers that the network is compromised. He revealed some critical issues on the network, which put users and their funds at risk of an exploit. 

Validator Warns That XRP Ledger is Compromised

In an X post, XRP Ledger validator Vet told the network’s developers and projects that use the XRPL js library not to update or use any version 4.2.1 or higher, as it has been compromised. He remarked that any project utilizing the newest version of XRPL is putting users and funds at risk of an attack from hackers. 

Vet’s warning was in response to a post by Aikido Security, in which they stated that they had discovered a backdoor in the official XRP Ledger NPM package. The blockchain security firm added that this back door steals private keys and sends them to attackers. The affected versions are 4.2.1 and 4.2.4, so developers and projects should not upgrade to these versions. 

Ripple Chief Technology Officer (CTO) David Schwartz also commented on the Ledger situation, noting that it was just the XRPL.js from NPM that was compromised. He also alluded to a post by Ripple senior software engineer Mayukha Vadari. Vadari mentioned that the Ledger itself is unaffected by the malware. 

The engineer confirmed that the malware packages only affected services that use xrpl.js and were upgraded to the malicious versions that were published about a day ago. He added that GitHub remains safe, as only npm has been compromised. Vadari urged users to avoid services that have access to their private keys and seed phrases until they have confirmed that these services are unaffected by this malware. 

XRPL Foundation Provides Update 

The XRP Ledger Foundation also provided an update on the malware situation. In an X post, the Foundation clarified that the vulnerability is in xrpl.js, a JavaScript library for interacting with the XRPL. They further stated that the vulnerability does not affect the network’s codebase or the GitHub repository itself. Meanwhile, the Foundation urged projects using xrpl.js to upgrade to v4.2.5 immediately. 

The XRP Ledger Foundation also confirmed in the thread that it had deprecated the compromised xrpl.js versions on npm. They mentioned that they will share a detailed post-mortem soon and again urged projects and developers to ensure that they are using versions 4.2.5 or 2.14.3. 

In another X post, the Foundation announced that it has published an updated npm package for users of the 2.14.x branch to remove the previously compromised version. They asked these XRP Ledger users to update immediately to version 2.14.3 to prevent an attack. 

XRP
XRP trading at $2.2 on the 1D chart | Source: XRPUSDT on Tradingview.com
Featured image from YouTube, chart from Tradingview.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Scott Matherson is a leading crypto writer at Bitcoinist, who possesses a sharp analytical mind and a deep understanding of the digital currency landscape. Scott has earned a reputation for delivering thought-provoking and well-researched articles that resonate with both newcomers and seasoned crypto enthusiasts. Outside of his writing, Scott is passionate about promoting crypto literacy and often works to educate the public on the potential of blockchain.

Leituras Relacionadas

Former Huawei 'Genius Teen' Who Questioned DeepSeek Interview Lands in 'Crossfire' from Web3 Investor

Former Huawei "Genius Youth" Li Bojie recently drew public attention by criticizing his interview experience with DeepSeek. The controversy escalated when Du Jun, co-founder of Web3 investment firm ABCDE Capital, publicly accused Li of being "the founder with the least sense of contractual spirit" he had ever cooperated with, sparking a dispute over Li's startup project, Metagent. Li detailed a frustrating DeepSeek interview where he was accused of potential plagiarism, leading him to end the session. The spotlight then shifted to his venture, Metagent, a Web3+AI project aiming to tokenize AI agents. ABCDE invested $1.5 million, with an initial $500k disbursed. Du Jun claimed the project's progress was severely lacking, with a poor-quality demo and minimal social media activity. He alleged Li stopped communicating, deleted his Telegram, and failed to provide proper financial reporting. In response, Li argued the remaining $1 million was never received, crippling operations and forcing salary cuts. He stated he left Metagent in October 2024 due to family reasons and Web3 compliance concerns, with board approval. He claimed to have fulfilled disclosure duties and that his subsequent projects avoided conflicting fields. Other investors, including ArkStream Capital, shared negative due diligence experiences, citing unprofessional contracts and evasive answers on tokenomics. Metagent's social media went silent in June 2024, effectively stalling. Li has since moved to a new consumer AI agent platform, Pine AI (formerly Logenic AI), which has raised $25 million in Series A funding. He served as its Chief Scientist but recently left, clarifying he was not the founder and departed due to a shift in research interests.

Foresight NewsHá 20m

Former Huawei 'Genius Teen' Who Questioned DeepSeek Interview Lands in 'Crossfire' from Web3 Investor

Foresight NewsHá 20m

SemiAnalysis: Anthropic's Q3 Profit to Exceed $1 Billion

Research firm SemiAnalysis reveals that Anthropic is reshaping the AI commercialization landscape with profitability and growth rates far exceeding competitors. Leveraging a high-margin, API-centric business model, Anthropic has become a leader in the B2B AI market. The report projects that Anthropic will achieve a GAAP EBIT of $1 billion in Q3 2026, with a 6% margin. Its Annual Recurring Revenue (ARR) has surged from $9 billion at the end of 2025 to over $60 billion currently. If it maintains a Net New ARR (NNARR) of approximately $15 billion per month, its ARR could reach $300 billion by the end of 2027, implying a $6 trillion enterprise value and making it the world's most valuable company. Anthropic secretly filed for an IPO on June 1st. SemiAnalysis argues the timing is strategically urgent due to narrowing capital market windows as rivals like Alphabet and Meta secure major funding. The superior financials and business model suggest Anthropic should go public before OpenAI to seize the competitive initiative. The performance inflection stems from the explosive adoption of Claude Code, which now accounts for over 7% of all GitHub commits, driving monthly NNARR from $3 billion in January to $11 billion in March. Anthropic's revenue structure differs significantly from OpenAI's. Approximately 75-85% of Anthropic's ARR comes from usage-based API fees, with consumer subscriptions constituting only about 5%. In contrast, over 65% of OpenAI's Q1 2026 revenue was from subscriptions, with ~40% from consumers. The API model's key advantage is no per-user revenue cap, enabling growth within existing accounts. Anthropic's Net Revenue Retention (NRR) is an extraordinary 500%. This drives superior gross margins, now in the mid-60% range versus -94% in 2024, with API margins exceeding 80%. Core drivers are improved inference efficiency and a largely enterprise-focused model without the cost of serving hundreds of millions of free users. The report introduces "EBTIT" (Earnings Before Training & Interest & Taxes) to measure re-investment capacity, projecting Anthropic's cumulative EBTIT through 2028 will be $250 billion higher than OpenAI's. Over 65% of lab ARR currently comes from programming use cases. Cybersecurity is seen as the next major vertical, with upcoming model releases like Fable expected to further increase token pricing and expand NNARR. Indirect sales via hyperscaler platforms (AWS Bedrock, Azure Foundry) now account for 15-20% of ARR. A core constraint is compute supply. By 2030, combined unconstrained compute demand from Anthropic and OpenAI could exceed 100 GW, far outstripping projected new capacity. IPO proceeds are seen as crucial to lock in future compute resources. Key risks include potential price cuts by OpenAI, competitive pressure from Google DeepMind and Meta in coding models, potential government restrictions on frontier model releases, and margin dilution from growing indirect "Token-as-a-Service" sales. Regulatory actions that narrow the capability gap between open-source and proprietary models are highlighted as a fundamental threat to Anthropic's moat.

marsbitHá 33m

SemiAnalysis: Anthropic's Q3 Profit to Exceed $1 Billion

marsbitHá 33m

Trading

Spot
活动图片