
Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package

  • XRP Ledger’s official NPM package was injected with a crypto-stealing backdoor.
  • The affected NPM versions are 4.2.1 to 4.2.4 and 2.14.2.
  • Users must upgrade to patched versions and rotate private keys.

A supply chain attack compromised the official XRP Ledger JavaScript SDK: specific versions of the package published to NPM carried a backdoor built to steal private keys, putting connected XRP wallets at risk.

SlowMist issued a high-priority alert urging immediate updates and credential rotation.

How Malicious Code Hit NPM

The attack centered around the xrpl NPM package, used by developers to interact with the XRP Ledger blockchain. Between April 21 at 20:53 GMT+0 and April 22, malicious versions 4.2.1 through 4.2.4 and 2.14.2 were published to NPM under a legitimate package name.


These versions were published by an unauthorized user, “mukulljangid”, and included code that could steal private keys from crypto wallets.

Unlike standard updates, these releases were not mirrored on the official GitHub repository, prompting red flags within the secu…

The post Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package appeared first on Coin Edition.
