XRP Ledger Compromised? Validator Warns Projects And Developers Of Critical Issues

bitcoinistОпубліковано о 2025-04-23Востаннє оновлено о 2025-04-23

Анотація

An XRP Ledger (XRPL) validator has warned projects and developers that the network is compromised. He revealed some critical issues...

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

An XRP Ledger (XRPL) validator has warned projects and developers that the network is compromised. He revealed some critical issues on the network, which put users and their funds at risk of an exploit. 

Validator Warns That XRP Ledger is Compromised

In an X post, XRP Ledger validator Vet told the network’s developers and projects that use the XRPL js library not to update or use any version 4.2.1 or higher, as it has been compromised. He remarked that any project utilizing the newest version of XRPL is putting users and funds at risk of an attack from hackers. 

Vet’s warning was in response to a post by Aikido Security, in which they stated that they had discovered a backdoor in the official XRP Ledger NPM package. The blockchain security firm added that this back door steals private keys and sends them to attackers. The affected versions are 4.2.1 and 4.2.4, so developers and projects should not upgrade to these versions. 

Ripple Chief Technology Officer (CTO) David Schwartz also commented on the Ledger situation, noting that it was just the XRPL.js from NPM that was compromised. He also alluded to a post by Ripple senior software engineer Mayukha Vadari. Vadari mentioned that the Ledger itself is unaffected by the malware. 

The engineer confirmed that the malware packages only affected services that use xrpl.js and were upgraded to the malicious versions that were published about a day ago. He added that GitHub remains safe, as only npm has been compromised. Vadari urged users to avoid services that have access to their private keys and seed phrases until they have confirmed that these services are unaffected by this malware. 

XRPL Foundation Provides Update 

The XRP Ledger Foundation also provided an update on the malware situation. In an X post, the Foundation clarified that the vulnerability is in xrpl.js, a JavaScript library for interacting with the XRPL. They further stated that the vulnerability does not affect the network’s codebase or the GitHub repository itself. Meanwhile, the Foundation urged projects using xrpl.js to upgrade to v4.2.5 immediately. 

The XRP Ledger Foundation also confirmed in the thread that it had deprecated the compromised xrpl.js versions on npm. They mentioned that they will share a detailed post-mortem soon and again urged projects and developers to ensure that they are using versions 4.2.5 or 2.14.3. 

In another X post, the Foundation announced that it has published an updated npm package for users of the 2.14.x branch to remove the previously compromised version. They asked these XRP Ledger users to update immediately to version 2.14.3 to prevent an attack. 

XRP
XRP trading at $2.2 on the 1D chart | Source: XRPUSDT on Tradingview.com
Featured image from YouTube, chart from Tradingview.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Scott Matherson is a leading crypto writer at Bitcoinist, who possesses a sharp analytical mind and a deep understanding of the digital currency landscape. Scott has earned a reputation for delivering thought-provoking and well-researched articles that resonate with both newcomers and seasoned crypto enthusiasts. Outside of his writing, Scott is passionate about promoting crypto literacy and often works to educate the public on the potential of blockchain.

Пов'язані матеріали

Zuckerberg's 'Mango' Image Generation Model Trails Only GPT Image 2, It Learned to Revise Prompts on Its Own

Meta's MSL has launched Muse Image, an advanced image generation model nicknamed "Mango," which ranks second globally in text-to-image benchmarks, closely trailing OpenAI's GPT Image 2. Its key innovation is agent-like behavior: it searches for factual information, writes code for charts, and, most notably, has developed self-correction abilities through reinforcement learning, allowing it to revise its own outputs without explicit programming. This shift emphasizes reasoning over immediate generation. Integrated with Meta's ecosystem, Mango connects with the Muse Spark language model for complex tasks and features a unique "@" function that can incorporate public Instagram photos into generated images—raising privacy concerns as it's enabled by default. The model is directly accessible in Meta AI, Instagram, and WhatsApp, leveraging Meta's vast user base for distribution rather than competing solely on image quality. Accompanying Mango is the preview of Muse Video, a video generation model with integrated audio, currently ranked third in its category. All Mango-generated images include an invisible, persistent watermark (Content Seal) for AI identification, alongside a public detection tool. While Mango advances "thinking" image models, its use of social data poses new ethical questions about consent and digital boundaries.

marsbit11 хв тому

Zuckerberg's 'Mango' Image Generation Model Trails Only GPT Image 2, It Learned to Revise Prompts on Its Own

marsbit11 хв тому

Weng Li's New Blog Proposes 'Self-Evolution Should Start from Harness', DeepSeek's Cui Tianyi Endorses with Repost

Lilian Weng, former OpenAI security VP and co-founder of Thinking Machines Lab, has published a new blog post titled "Harness Engineering for Self-Improvement," proposing a pragmatic path for AI self-evolution. She argues that Recursive Self-Improvement (RSI) may practically begin at the "Harness" layer—the external runtime system governing how models use tools, manage context, and execute tasks—rather than directly from the model rewriting its own weights. The blog outlines a progression from optimizing prompts (Context Engineering) to designing workflows, and ultimately to Self-Improving Harness systems. These systems can identify their own weaknesses, propose targeted, verifiable modifications to the harness code, and validate improvements. Works like Self-Harness and Darwin Gödel Machine (DGM) demonstrate significant performance gains on benchmarks like SWE-bench through such automated harness evolution, rivaling handcrafted agents. DeepSeek researcher Tianyi Cui endorsed the view, noting harness-based self-evolution is as promising as model-based approaches. Weng emphasizes this is complementary to model training, with both reinforcing each other. However, key challenges remain: weak evaluators for subjective tasks, reward hacking, diversity collapse, managing long-term system health versus short-term success, and defining the human oversight role. The consensus is growing: the harness is a critical variable, as the same model can exhibit vastly different capabilities within different harness systems.

marsbit25 хв тому

Weng Li's New Blog Proposes 'Self-Evolution Should Start from Harness', DeepSeek's Cui Tianyi Endorses with Repost

marsbit25 хв тому

Odaily Editorial Department Tea Party (July 8)

Odaily Editorial Team Casual Chat (July 8) This is an informal column from Odaily's editorial team, sharing immediate thoughts on industry news, data, and hot topics from various angles. It presents investment ideas and opportunity hypotheses still under verification—which may not be direct wealth codes but questions in themselves—alongside observations from industry interactions and materials that genuinely enhance the team's understanding. The content is based on real investment and observation experiences, carries no advertising, and does not constitute investment advice. Its purpose is to broaden perspectives and supplement information sources, not to create consensus. Team Member Shares: * **Wenser (@wenser2010):** Noted a deeper correction (nearly 30%) in US and Korean stocks, including memory stocks, but remains bullish on DRAM due to perceived supply shortages. In prediction markets, personal small bets outperformed blind copying; favors France to win the World Cup. Views crypto-related stocks like STRK as bearish for now, while seeing Circle and Coinbase as potential rebound plays. Observes recent strength in software stocks like Microsoft but is unsure if it's a sustained recovery. * **Bcxiongdi (@bcxiongdi):** Discusses the recent "recovery training" in meme coin markets on Solana and BSC, characterized by small-scale PVP opportunities, admitting to having sold many assets too early. Suggests also watching the Robinhood chain. Found World Cup prediction markets challenging, advising to consider buying during matches rather than only before. * **Azuma (@azuma_eth):** Focuses on the US stock market, particularly the significant semiconductor correction. Believes demand fundamentals remain and considers buying the dip in DRAM stocks. Notes a potential rotation signal as hedge funds have recently concentrated buying in tech stocks. Plans to continue adding to RKLB (Rocket Lab) stock, seeing limited downside and high upside potential at current levels after its founder's share sale window closed.

Odaily星球日报41 хв тому

Odaily Editorial Department Tea Party (July 8)

Odaily星球日报41 хв тому

Former Huawei 'Genius Teen' Who Questioned DeepSeek Interview Lands in 'Crossfire' from Web3 Investor

Former Huawei "Genius Youth" Li Bojie recently drew public attention by criticizing his interview experience with DeepSeek. The controversy escalated when Du Jun, co-founder of Web3 investment firm ABCDE Capital, publicly accused Li of being "the founder with the least sense of contractual spirit" he had ever cooperated with, sparking a dispute over Li's startup project, Metagent. Li detailed a frustrating DeepSeek interview where he was accused of potential plagiarism, leading him to end the session. The spotlight then shifted to his venture, Metagent, a Web3+AI project aiming to tokenize AI agents. ABCDE invested $1.5 million, with an initial $500k disbursed. Du Jun claimed the project's progress was severely lacking, with a poor-quality demo and minimal social media activity. He alleged Li stopped communicating, deleted his Telegram, and failed to provide proper financial reporting. In response, Li argued the remaining $1 million was never received, crippling operations and forcing salary cuts. He stated he left Metagent in October 2024 due to family reasons and Web3 compliance concerns, with board approval. He claimed to have fulfilled disclosure duties and that his subsequent projects avoided conflicting fields. Other investors, including ArkStream Capital, shared negative due diligence experiences, citing unprofessional contracts and evasive answers on tokenomics. Metagent's social media went silent in June 2024, effectively stalling. Li has since moved to a new consumer AI agent platform, Pine AI (formerly Logenic AI), which has raised $25 million in Series A funding. He served as its Chief Scientist but recently left, clarifying he was not the founder and departed due to a shift in research interests.

Foresight News1 год тому

Former Huawei 'Genius Teen' Who Questioned DeepSeek Interview Lands in 'Crossfire' from Web3 Investor

Foresight News1 год тому

Торгівля

Спот
活动图片