XRP Ledger Compromised? Validator Warns Projects And Developers Of Critical Issues

bitcoinist發佈於 2025-04-23更新於 2025-04-23

文章摘要

An XRP Ledger (XRPL) validator has warned projects and developers that the network is compromised. He revealed some critical issues...

Trusted Editorial content, reviewed by leading industry experts and seasoned editors. Ad Disclosure

An XRP Ledger (XRPL) validator has warned projects and developers that the network is compromised. He revealed some critical issues on the network, which put users and their funds at risk of an exploit. 

Validator Warns That XRP Ledger is Compromised

In an X post, XRP Ledger validator Vet told the network’s developers and projects that use the XRPL js library not to update or use any version 4.2.1 or higher, as it has been compromised. He remarked that any project utilizing the newest version of XRPL is putting users and funds at risk of an attack from hackers. 

Vet’s warning was in response to a post by Aikido Security, in which they stated that they had discovered a backdoor in the official XRP Ledger NPM package. The blockchain security firm added that this back door steals private keys and sends them to attackers. The affected versions are 4.2.1 and 4.2.4, so developers and projects should not upgrade to these versions. 

Ripple Chief Technology Officer (CTO) David Schwartz also commented on the Ledger situation, noting that it was just the XRPL.js from NPM that was compromised. He also alluded to a post by Ripple senior software engineer Mayukha Vadari. Vadari mentioned that the Ledger itself is unaffected by the malware. 

The engineer confirmed that the malware packages only affected services that use xrpl.js and were upgraded to the malicious versions that were published about a day ago. He added that GitHub remains safe, as only npm has been compromised. Vadari urged users to avoid services that have access to their private keys and seed phrases until they have confirmed that these services are unaffected by this malware. 

XRPL Foundation Provides Update 

The XRP Ledger Foundation also provided an update on the malware situation. In an X post, the Foundation clarified that the vulnerability is in xrpl.js, a JavaScript library for interacting with the XRPL. They further stated that the vulnerability does not affect the network’s codebase or the GitHub repository itself. Meanwhile, the Foundation urged projects using xrpl.js to upgrade to v4.2.5 immediately. 

The XRP Ledger Foundation also confirmed in the thread that it had deprecated the compromised xrpl.js versions on npm. They mentioned that they will share a detailed post-mortem soon and again urged projects and developers to ensure that they are using versions 4.2.5 or 2.14.3. 

In another X post, the Foundation announced that it has published an updated npm package for users of the 2.14.x branch to remove the previously compromised version. They asked these XRP Ledger users to update immediately to version 2.14.3 to prevent an attack. 

XRP
XRP trading at $2.2 on the 1D chart | Source: XRPUSDT on Tradingview.com
Featured image from YouTube, chart from Tradingview.com
Editorial Process for bitcoinist is centered on delivering thoroughly researched, accurate, and unbiased content. We uphold strict sourcing standards, and each page undergoes diligent review by our team of top technology experts and seasoned editors. This process ensures the integrity, relevance, and value of our content for our readers.

Scott Matherson is a leading crypto writer at Bitcoinist, who possesses a sharp analytical mind and a deep understanding of the digital currency landscape. Scott has earned a reputation for delivering thought-provoking and well-researched articles that resonate with both newcomers and seasoned crypto enthusiasts. Outside of his writing, Scott is passionate about promoting crypto literacy and often works to educate the public on the potential of blockchain.

你可能也喜歡

Odaily编辑部茶话会(7月8日)

《Odaily编辑部茶话会(7月8日)》摘要: 这是Odaily编辑部的一个非正式分享栏目,旨在基于成员的真实投资与观察,分享行业感想、投资想法、从业者观察及认知提升材料,不构成投资建议,旨在扩展视角。 **Wenser (@wenser2010)** 分享: 1. 美股韩股回调幅度近30%,认为内存(DRAM)仍处供小于求阶段,当前下跌或是深蹲。 2. 预测市场跟单亏损,亲自小注获利。观察到世界杯弱队表现可圈可点,认为商业利益主导赛果,看好法国队(相关投注已翻倍)。 3. 倾向于做空加密概念股,视Circle、Coinbase为搏反弹标的。 4. 美股软件股(如微软)近期表现不错,性质待观察。 **Bcxiongdi (@bcxiongdi)** 分享: 1. Meme币行情活跃,但以小资金博弈为主,自身卖飞不少。可关注新兴的Robinhood链。 2. 世界杯预测市场操作难度高,建议可尝试在比赛过程中寻找抄底机会。 **Azuma (@azuma_eth)** 分享: 1. 关注美股半导体板块大幅回调,核心看巨头资本开支计划。倾向于市场需求不变,会考虑逢低加仓(尤其是DRAM)。 2. 注意到对冲基金自去年10月以来再次集中买入科技股,可作为潜在轮动信号参考。 3. RKLB(火箭实验室)创始人售股窗口关闭,股价回落,认为其当前价位下行风险有限,上行有想象力,会继续加仓。

Odaily星球日报41 分鐘前

Odaily编辑部茶话会(7月8日)

Odaily星球日报41 分鐘前

交易

現貨
活动图片