Ripple NPM supply chain attack hunts for private keys

Ripple NPM supply chain attack hunts for private keys

: A mystery thief and a critical CVE involved in crypto cash grab

Ripple cryptocurrency software library hit by major security issue, wallets under threat

Malicious commits were uploaded to NPM but quickly removed.

Backdoor Found in Official XRP Ledger NPM Package

XRP Ledger SDK hit by supply chain attack: Malicious NPM versions stole private keys; users urged to update xrpl package to 4.2.5 or 2.14.3.

A hacker infects the official NPM software of Ripple's Ledger XRP with a "deprecated door" of cryptocurrency theft, hundreds of thousands of applications and websites are on displayThe Ripple cryptocurrency's JavaScript npm library, named xrpl.js, has been compromised by unknown actors as part of an attack on the software supply chain to collect and exfil the users' private keys. The malicious activity affects five people.

Ripple Developer Tools Hacked: What Went Wrong and What’s Next

XRP recently faced a serious security incident when a malicious actor compromised one of its core development tools, the JavaScript library xrpl.js. This software supply chain attack affected specific versions of the library published on the Node Package Manager (NPM), putting users’ private keys at risk. Aikido Security initially flagged the issue, and Ripple’s Chief Technology Officer, David Schwartz, later confirmed the breach. The attack com…

Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package

XRP Ledger’s official NPM package was injected with a crypto-stealing backdoor. The affected NPM versions are 4.2.1 to 4.2.4 and 2.14.2. Users must upgrade to patched versions and rotate private keys. A supply chain attack compromised the official XRP Ledger JavaScript SDK, injecting a backdoor into specific versions of NPM. A backdoor in specific NPM versions targeted private key theft, putting connected XRP wallets at risk.  SlowMist issued a …