XRP Ledger developer kit compromised with a backdoor that steals wallet private keys

2025-04-22

Aikido Security disclosed a vulnerability in the official JavaScript SDK of the XRP Ledger (XRPL), revealing that several compromised versions of the XRPL Node Package Manager (NPM) package were published to the registry starting on April 21.

The affected versions, v4.2.1 to v4.2.4 and v2.14.2, contain a backdoor capable of exfiltrating private keys, posing a serious risk to crypto wallets that depend on the software.

An NPM package is a reusable module for JavaScript and Node.js projects, designed to simplify installation, updates and removal.

According to Aikido Security, its automated threat monitoring platform flagged the anomaly at 8:53 pm UTC on April 21, when NPM user “Mukulljangid” published five new versions of the XRPL package.

These releases did not correspond to tagged releases on the official GitHub repository, which raised immediate suspicion of a supply-chain compromise.

Malicious code embedded in the wallet logic

Aikido's analysis showed that the compromised packages contain a function called checkValidityOfSeed, which made outbound calls to the newly registered and unverified domain 0x9c[.]xyz.

The function was triggered during instantiation of the Wallet class, so private keys were silently transmitted whenever a wallet was created.

Early versions (v4.2.1 and v4.2.2) embedded the malicious code in the built JavaScript files. Subsequent versions (v4.2.3 and v4.2.4) introduced the backdoor into the TypeScript sources, which were then compiled into production code.

The attacker appeared to iterate on evasion techniques, shifting from manual JavaScript manipulation to deeper integration into the SDK's build process.


The report stated that this package is used by hundreds of thousands of applications and websites, and described the event as a targeted attack on crypto development infrastructure.

The compromised versions also removed development tools such as Prettier and scripts from the package.json file, which further indicates intentional tampering.

XRP Ledger Foundation and Ecosystem Response

The XRP Ledger Foundation acknowledged the issue in a public statement published via X on April 22. It stated:

“Earlier today, a security researcher from @AikidoSecurity identified a serious vulnerability in the XRPL NPM package (v4.2.1–4.2.4 and v2.14.2). We are aware of the issue and are actively working on a fix. A detailed post-mortem will follow.”

Mark Ibanez, CTO of XRP Ledger-based Gen3 Games, said that his team avoided the compromised package versions with a “little luck”.

He added:

“Our package.json specified ‘xrpl’: ‘^4.1.0’, which means that, under normal circumstances, any compatible minor or patch version – including potentially compromised ones – could be installed during development, builds or deployments.”

Gen3 Games, however, commits its pnpm-lock.yaml file to version control. This practice ensured that exact versions, not newly published ones, were installed during development and deployment.

Ibanez emphasized several practices to reduce risk, such as always committing the “lockfile” to version control, using Performant NPM (pnpm) where possible, and avoiding the caret (^) symbol in package.json to prevent unintended version upgrades.

The software development kit, which is maintained by Ripple and distributed via NPM, receives more than 140,000 downloads per week, and developers use it widely to build applications on the XRP Ledger.


The XRP Ledger Foundation removed the affected versions from the NPM registry shortly after the disclosure. It remains unknown how many users had integrated the compromised versions before the problem was flagged.
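
The range-versus-lockfile point Ibanez makes can be checked mechanically. The following is an added example, not code from the article, Aikido or the XRPL project: it reports which of the affected versions a package.json spec would admit on a fresh install, and scans an npm package-lock.json for installed copies at those versions. The sample lockfile and the `some-wallet-lib` name are constructed, and only plain `MAJOR.MINOR.PATCH` pins and caret ranges at 1.0.0 or above are handled.

```javascript
// Versions the article names as compromised.
const AFFECTED = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"]);

// Parse "MAJOR.MINOR.PATCH" into numbers (prerelease tags are not handled).
function parse(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(v);
  if (!m) throw new Error(`unsupported version: ${v}`);
  return m.slice(1).map(Number);
}

// True if `version` satisfies `spec`: an exact pin ("4.1.0") or a caret
// range ("^4.1.0", major >= 1), meaning same major and >= the base version.
function satisfies(spec, version) {
  const caret = spec.startsWith("^");
  const [bM, bm, bp] = parse(caret ? spec.slice(1) : spec);
  const [M, m, p] = parse(version);
  if (!caret) return M === bM && m === bm && p === bp;
  if (bM === 0) throw new Error("caret ranges below 1.0.0 not handled");
  if (M !== bM) return false;
  return m > bm || (m === bm && p >= bp);
}

// Affected releases a fresh install (no lockfile) could resolve to.
function exposedBy(spec) {
  return [...AFFECTED].filter((v) => satisfies(spec, v)).sort();
}

// Scan an npm package-lock.json (lockfileVersion 2/3 "packages" map) for
// any installed copy of xrpl, nested ones included, at an affected version.
function findAffected(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/xrpl$/.test(path) && AFFECTED.has(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not from a real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { dependencies: { xrpl: "^4.1.0" } },
    "node_modules/xrpl": { version: "4.1.0" },
    "node_modules/some-wallet-lib/node_modules/xrpl": { version: "4.2.3" },
  },
};
console.log(exposedBy("^4.1.0"), exposedBy("4.1.0"), findAffected(sampleLock));
```

The direct dependency is locked to a clean version here, yet the scan still reports the nested copy pulled in by a transitive dependency, which is why the whole lockfile is checked rather than only the top-level entry.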
