A critical exploit in the XRP Ledger’s software development kit has exposed millions of user assets to potential theft, raising concerns about security vulnerabilities in blockchain infrastructure.

The breach, described as a “potentially catastrophic supply chain attack”, was discovered by Aikido Security, a firm specializing in crypto cybersecurity. Malicious versions of the XRP Ledger’s SDK were released on the Node Package Manager (NPM) registry, allowing attackers to steal private keys from unsuspecting users.

Security researchers identified the exploit when a user named “mukulljangid” began publishing compromised versions of the SDK. These versions contained crypto-stealing malware, which created a backdoor for attackers to gain unauthorized access to wallets.

Ripple confirms breach

Ripple’s Chief Technology Officer, David Schwartz, confirmed the breach and urged developers to update their software immediately. The affected library, xrpl.js, is widely used for interacting with the XRP Ledger, making the attack particularly dangerous.

The XRP Ledger Foundation responded swiftly, releasing secure versions of the SDK and advising users to audit their projects for exposure to the compromised code.

This incident highlights the growing threat of supply chain attacks in the crypto industry, emphasizing the need for robust security measures to protect user assets.


Trade on JuCoin

Explore More From JuCoin:JuCoin Exchange |Twitter/X |Telegram |Discord |Ghost

Shogun Lin

Share