- The XRPL JavaScript library (v4.2.1-4.2.4, v2.14.2) had a vulnerability potentially stealing private keys. Update to v4.2.5 immediately.
- Researcher Charlie Eriksen found a “backdoor” in the XRPL library, posing a “catastrophic” supply chain risk via compromised NPM versions.
- Despite this dependency issue, the core Ledger boasts over 2.8 billion secure transactions and growing institutional adoption.
The XRP Ledger Foundation has recently discovered a security vulnerability in the JavaScript library (v4.2.1–4.2.4 and v2.14.2) used to interact with the ledger that could steal crypto private keys. The Foundation has upgraded the code, released the patched version, v4.2.5, and removed the previously compromised version.
While the issue affects only versions published on NPM, it poses a serious supply chain risk. The foundation has urged affected projects to update to the latest version. The issue was discovered by Aikido Security malware researcher Charlie Eriksen, who said this “backdoor” could lead to a “potentially catastrophic” supply chain attack.
XRP Ledger Devs and Projects—if you use the xrpl.js library, don’t update to or use ANY version 4.2.1 or higher. It’s compromised—any project utilizing the newest version is putting users and funds at risk! Please let EVERY project and developer know about this!
Cryptocurrencies are software projects that typically depend on external libraries, packages, or modules of pre-written code created by developers. These are the “code dependencies.” They handle specific functionalities, saving developers time and effort.
XRPL’s Robust Transaction History and Security Focus
Security experts have therefore emphasized the need to thoroughly examine and double-check these dependencies. This involves understanding what the external code does, where it comes from, its reputation, and whether it has known vulnerabilities.
“Double-check code dependencies, folks. In crypto, vigilance is as essential as innovation. Stay safe out there.”
Overall, the XRP Ledger has been proactive in tackling security threats and undertaking routine checks to look for any vulnerabilities. The blockchain has also seen robust growth, with adoption accelerating in multiple use cases. Institutions, decentralized finance (DeFi) platforms, and stablecoin issuers are all on-ramping more and more to XRPL’s infrastructure.
Jasmine Cooper, Head of Product at RippleX, recently highlighted network efficiency as the key driver of institutional attention. With more than 2.8 billion transactions settled and no security failures, XRPL is considered one of the most secure blockchain networks.