Ripple cryptocurrency software library hit by major security issue, wallets under threat

News
By published

Malicious commits were uploaded to NPM

XRP
(Image credit: Shutterstock / AlekseyIvanov)
  • A malicious actor used a compromised Ripple dev account to publish commits to NPM
  • The commits would grant access to people's crypto wallets
  • They were downloaded around 450 times before being pulled down

A JavaScript library recommended by a major cryptocurrency company has been hijacked, with users now being at risk of losing access to their crypto wallets, as well as the funds stored inside.

Researchers warned omeone managed to break into a NPM account belonging to a developer associated with Ripple.

After breaking into the account, the threat actor modified the NPM JavaScript library named ‘xrpl.js”. Versions 2.14.2, 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of the xrpl NPM package were modified and then published to NPM. The xrpl.js library is used to interact with the XRP Ledger (XRPL) from JavaScript applications, enabling developers to send transactions, check balances, and manage accounts on the network. It is maintained by the XRP Ledger Foundation and is Ripple’s recommended library for interacting with the XPR blockchain via JavaScript.

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

Get Keeper Personal for just $1.67/month, Keeper Family for just $3.54/month, and Keeper Business for just $7/month

​Keeper is a cybersecurity platform primarily known for its password manager and digital vault, designed to help individuals, families, and businesses securely store and manage passwords, sensitive files, and other private data.

It uses zero-knowledge encryption and offers features like two-factor authentication, dark web monitoring, secure file storage, and breach alerts to protect against cyber threats.

Preferred partner (What does this mean?)

View Deal

GitHub not affected

Ripple is a cryptocurrency company that built XRP, currently the fourth biggest cryptocurrency. It is designed for cross-border payments and currency transfers, primarily for financial institutions. At press time, XRP has a market capitalization of $132.34 billion, and a daily transaction volume of $5 billion.

Before being pulled down, the malicious updates amassed 452 downloads. The latest version showing now is 4.2.5 and this one is clean. Users are advised to upgrade immediately. Usually, the library has more than 100,000 downloads a week.

The malicious commits are not found in the GitHub repository, which should mean the attack occurred during the NPM publishing process.

In the meantime, the XRP Ledger Foundation took to X to clarify that the XRP Ledger codebase and GitHub repository were not affected:

“To clarify: This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does NOT affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately,” it said.

Xaman Wallet, XRPScan, First Ledger, and Gen3 Games projects were not affected.

Via BleepingComputer

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.