Close Menu
Cryphedge.com
  • Home
  • Crypto News
    • Bitcoin
    • NFT News
  • Altcoins
  • Scams
  • Blockchain
  • Regulations
  • Trading
Facebook X (Twitter) Instagram
Cryphedge.com
  • Home
  • Crypto News
    • Bitcoin
    • NFT News
  • Altcoins
  • Scams
  • Blockchain
  • Regulations
  • Trading
Cryphedge.com
Home » XRP Ledger developer kit compromised with backdoor to steal wallet private keys
XRP Ledger developer kit compromised with backdoor to steal wallet private keys

XRP Ledger developer kit compromised with backdoor to steal wallet private keys

April 22, 20253 Mins ReadNo Comments Scams
Share
Facebook Twitter LinkedIn Pinterest Email

Aikido Security disclosed a vulnerability in the XRP Ledger’s (XRPL) official JavaScript SDK, revealing that multiple compromised versions of the XRPL Node Package Manager (NPM) package were published to the registry starting April 21. 

The affected versions, v4.2.1 through v4.2.4 and v2.14.2, contained a backdoor capable of exfiltrating private keys, posing a severe risk to crypto wallets that relied on the software.

An NPM package is a reusable module for JavaScript and Node.js projects designed to simplify installation, updates, and removal.

According to Aikido Security, its automated threat monitoring platform flagged the anomaly at 8:53 PM UTC on April 21 when NPM user “mukulljangid” published five new versions of the XRPL package.

These releases did not match any tagged releases on the official GitHub repository, prompting immediate suspicion of a supply chain compromise.

Malicious code embedded in the wallet logic

Aikido’s analysis found that the compromised packages contained a function called checkValidityOfSeed, which made outbound calls to the newly registered and unverified domain 0x9c[.]xyz. 

The function was triggered during the instantiation of the wallet class, causing private keys to be silently transmitted when creating a wallet.

Early versions (v4.2.1 and v4.2.2) embedded the malicious code in the built JavaScript files. Subsequent versions (v4.2.3 and v4.2.4) introduced the backdoor into the TypeScript source files, followed by their compilation into production code. 

The attacker appeared to iterate on evasion techniques, shifting from manual JavaScript manipulation to deeper integration in the SDK’s build process.

The report stated that this package is used by hundreds of thousands of applications and websites, describing the event as a targeted attack against the crypto development infrastructure. 

The compromised versions also removed development tools such as prettier and scripts from the package.json file, further indicating deliberate tampering.

XRP Ledger Foundation and ecosystem response

The XRP Ledger Foundation acknowledged the issue in a public statement published via X on April 22. It stated:

“Earlier today, a security researcher from @AikidoSecurity identified a serious vulnerability in the xrpl npm package (v4.2.1–4.2.4 and v2.14.2). We are aware of the issue and are actively working on a fix. A detailed post-mortem will follow.”

Mark Ibanez, CTO of XRP Ledger-based Gen3 Games, said his team avoided the compromised package versions with a “bit of luck.”

He added: 

“Our package.json specified ‘xrpl’: ‘^4.1.0’, which means that, under normal circumstances, any compatible minor or patch version—including potentially compromised ones—could have been installed during development, builds, or deployments.”

However, Gen3 Games commits its pnpm-lock.yaml file to version control. This practice ensured that exact versions, not newly published ones, were installed during development and deployment.

Ibanez emphasized several practices to mitigate risks, such as always committing the “lockfile” to version control, using Performant NPM (PNPM) when possible, and avoiding the use of the caret (^) symbol in package.json to prevent unintended version upgrades.

The software developer kit maintained by Ripple and distributed through NPM receives over 140,000 downloads per week, with developers widely using it to build applications on the XRP Ledger. 

The XRP Ledger Foundation removed the affected versions from the NPM registry shortly after the disclosure. Still, it remains unknown how many users had integrated the compromised versions before the issue was flagged.

Mentioned in this article
Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
cryphedge

Related Posts

How to Stay Safe Before You Hit Send

June 29, 2026

The next big DeFi exploit will start before the code is deployed

May 26, 2026

THORChain exploit turns DeFi halt into trust test

May 16, 2026

Ripple insider warns XRP holders as fake airdrop scams surge across XRPL

May 14, 2026
Add A Comment

Comments are closed.

Editors Picks

Google Gemini AI Predicts Jaw-Dropping Sandisk Stock Price by End of 2026

June 30, 2026

Tom Lee’s BitMine Adds $43 Million in Ethereum as Strategy Pauses Bitcoin Purchases

June 30, 2026

July Bounce, Brutal August, Then the Final Low Near $39,000

June 30, 2026

Binance Will List Re (RE): Everything You Need to Know About the New RWA Token

June 30, 2026
About

cryphedge is an online news portal that aims to share the latest crypto news, bitcoin, altcoin, blockchain, nft news, regulation, trading, crypto scams and much more stuff.

Facebook X (Twitter) Instagram Pinterest YouTube
Top Insights

Polkadot Locks DOT Supply at 2.1B — Ending Inflationary Model for Good

September 15, 2025

$800 Million in Crypto Wiped Out as Market Crashes

March 3, 2025

TAO & SHIB Analysis Stalls; Web3 Ai Hits $8.3M As Traders Shift Focus

June 21, 2025
Subscribe
Please enable JavaScript in your browser to complete this form.
Loading
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms of Use
  • DMCA

Type above and press Enter to search. Press Esc to cancel.

  • bitcoinBitcoin(BTC)$58,543.00-2.60%
  • ethereumEthereum(ETH)$1,571.06-2.37%
  • tetherTether(USDT)$1.00-0.01%
  • binancecoinBNB(BNB)$546.58-2.22%
  • usd-coinUSDC(USDC)$1.00-0.01%
  • rippleXRP(XRP)$1.04-1.74%
  • solanaSolana(SOL)$73.59-1.77%
  • tronTRON(TRX)$0.314514-1.93%
  • Figure HelocFigure Heloc(FIGR_HELOC)$1.01-2.94%
  • HyperliquidHyperliquid(HYPE)$64.89-2.55%
  • dogecoinDogecoin(DOGE)$0.071932-1.98%
  • RainRain(RAIN)$0.015763-1.06%
  • USDSUSDS(USDS)$1.00-0.01%
  • leo-tokenLEO Token(LEO)$9.26-2.94%
  • zcashZcash(ZEC)$398.92-1.63%
  • stellarStellar(XLM)$0.1899988.90%
  • WhiteBIT CoinWhiteBIT Coin(WBT)$53.9212.75%
  • moneroMonero(XMR)$302.64-4.11%
  • CantonCanton(CC)$0.141330-2.42%
  • chainlinkChainlink(LINK)$7.19-2.53%
  • cardanoCardano(ADA)$0.143921-1.13%
  • USD1USD1(USD1)$1.00-0.02%
  • daiDai(DAI)$1.00-0.04%
  • Ethena USDeEthena USDe(USDE)$1.00-0.03%
  • LABLAB(LAB)$13.74-8.33%
  • Gram (prev. Toncoin)Gram (prev. Toncoin)(GRAM)$1.51-5.84%
  • bitcoin-cashBitcoin Cash(BCH)$199.45-0.87%
  • litecoinLitecoin(LTC)$41.81-2.98%
  • Circle USYCCircle USYC(USYC)$1.13-0.05%
  • hedera-hashgraphHedera(HBAR)$0.069437-3.07%
  • Global DollarGlobal Dollar(USDG)$1.000.00%
  • avalanche-2Avalanche(AVAX)$6.53-2.05%
  • suiSui(SUI)$0.69-1.29%
  • PayPal USDPayPal USD(PYUSD)$1.000.02%
  • crypto-com-chainCronos(CRO)$0.053767-1.43%
  • shiba-inuShiba Inu(SHIB)$0.000004-1.40%
  • tether-goldTether Gold(XAUT)$3,998.620.00%
  • nearNEAR Protocol(NEAR)$1.78-3.78%
  • BlackRock USD Institutional Digital Liquidity FundBlackRock USD Institutional Digital Liquidity Fund(BUIDL)$1.000.00%
  • Ondo US Dollar YieldOndo US Dollar Yield(USDY)$1.13-0.47%
  • BittensorBittensor(TAO)$202.10-3.03%
  • World Liberty FinancialWorld Liberty Financial(WLFI)$0.057431-3.97%
  • pax-goldPAX Gold(PAXG)$4,000.650.00%
  • uniswapUniswap(UNI)$2.78-3.52%
  • AsterAster(ASTER)$0.62-0.51%
  • okbOKB(OKB)$78.80-1.80%
  • OndoOndo(ONDO)$0.308553-2.40%
  • HTX DAOHTX DAO(HTX)$0.000002-3.32%
  • Falcon USDFalcon USD(USDF)$1.000.07%
  • WorldcoinWorldcoin(WLD)$0.405739-3.50%
  • Ripple USDRipple USD(RLUSD)$1.000.00%
  • polkadotPolkadot(DOT)$0.82-0.41%
  • usddUSDD(USDD)$1.000.00%
  • mantleMantle(MNT)$0.409554-4.34%
  • BFUSDBFUSD(BFUSD)$1.00-0.04%
  • aaveAave(AAVE)$85.95-5.77%
  • Pi NetworkPi Network(PI)$0.115250-1.86%
  • MorphoMorpho(MORPHO)$1.911.42%
  • SkySky(SKY)$0.051871-1.73%
  • internet-computerInternet Computer(ICP)$2.09-4.66%
  • bitget-tokenBitget Token(BGB)$1.59-1.87%
  • DeXeDeXe(DEXE)$23.220.73%
  • ethereum-classicEthereum Classic(ETC)$6.86-3.92%
  • United StablesUnited Stables(U)$1.00-0.01%
  • PepePepe(PEPE)$0.000002-1.29%
  • Blockchain CapitalBlockchain Capital(BCAP)$106.970.00%
  • MemeCoreMemeCore(M)$0.7323.92%
  • quant-networkQuant(QNT)$64.75-1.57%
  • ​​Stable​​Stable(STABLE)$0.0386310.37%
  • Spiko EU T-Bills Money Market FundSpiko EU T-Bills Money Market Fund(EUTBL)$1.20-0.02%
  • kucoin-sharesKuCoin(KCS)$6.64-4.01%
  • AudieraAudiera(BEAT)$2.935.29%
  • Janus Henderson Anemoy Treasury FundJanus Henderson Anemoy Treasury Fund(JTRSY)$1.110.01%
  • Invesco Short Duration US Government Securities FundInvesco Short Duration US Government Securities Fund(USTB)$11.130.03%
  • USDGOUSDGO(USDGO)$1.00-0.04%
  • kaspaKaspa(KAS)$0.029607-3.62%
  • cosmosCosmos Hub(ATOM)$1.51-0.92%
  • render-tokenRender(RENDER)$1.49-4.94%
  • justJUST(JST)$0.087132-0.43%
  • algorandAlgorand(ALGO)$0.082774-3.28%
  • USDtbUSDtb(USDTB)$1.00-0.02%
  • POL (ex-MATIC)POL (ex-MATIC)(POL)$0.068550-2.89%
  • nexoNEXO(NEXO)$0.71-1.31%
  • JupiterJupiter(JUP)$0.211545-2.55%
  • VelvetVelvet(VELVET)$1.640.33%
  • ADIADI(ADI)$5.50-0.28%
  • gatechain-tokenGate(GT)$6.46-2.04%
  • Janus Henderson Anemoy AAA CLO FundJanus Henderson Anemoy AAA CLO Fund(JAAA)$1.040.02%
  • EthenaEthena(ENA)$0.071814-8.58%
  • 币安人生 (BinanceLife)币安人生 (BinanceLife)(币安人生)$0.66-3.09%
  • BeldexBeldex(BDX)$0.084661-5.63%
  • Spiko Amundi Overnight Swap Fund (EUR)Spiko Amundi Overnight Swap Fund (EUR)(EURSAFO)$1.15-0.03%
  • GHOGHO(GHO)$1.000.00%
  • Venice TokenVenice Token(VVV)$12.35-7.03%
  • Pump.funPump.fun(PUMP)$0.001416-4.81%
  • filecoinFilecoin(FIL)$0.72-2.02%
  • YLDSYLDS(YLDS)$1.00-0.01%
  • FlareFlare(FLR)$0.006418-2.25%
  • xdce-crowd-saleXDC Network(XDC)$0.027714-1.29%
  • Usual USDUsual USD(USD0)$1.00-0.01%