XRP Ledger SDK Under Siege: Hackers Swipe Private Keys in Supply Chain Debacle! Update Now!

XRP Ledger users, beware! A supply chain attack on the xrpl NPM package has been stealing private keys like it’s collecting Pokémon cards. Update to versions 4.2.5 or 2.14.3 immediately to dodge this digital disaster and protect your crypto assets.

3P
Published: April 24, 2025 7:50 pmAdded: April 24, 2025 at 1:06 pmAssembled by: The Editor
Pro Dashboard

Hot Take:

Unbeknownst to them, XRP Ledger users got a surprise guest in their digital wallets. Thanks to a supply chain attack using the xrpl package, private keys were up for grabs faster than free samples at a grocery store. The attackers’ plan was as smooth as a jazz band at a wine bar, but now it’s time to change your tune – update to xrpl 4.2.5 or 2.14.3, and spare yourself a digital hangover!

Key Points:

– A supply chain attack compromised the xrpl NPM package, leading to stolen private keys.
– Five rogue versions of the xrpl package were discovered, with malicious code not present in GitHub releases.
– The malicious code included a backdoor for stealing cryptocurrency wallet credentials.
– Attackers refined their methods over time, integrating code more subtly.
– Users must update to xrpl versions 4.2.5 or 2.14.3 and transfer assets to new wallets.

Membership Required

 You must be a member to access this content.

View Membership Levels
Already a member? Log in here
The Nimble Nerd
powered by the NSA, er,  GDPR Cookie Compliance
Confessional Booth of Our Digital Sins

Okay, deep breath, let's get this over with. In the grand act of digital self-sabotage, we've littered this site with cookies. Yep, we did that. Why? So your highness can have a 'premium' experience or whatever. These traitorous cookies hide in your browser, eagerly waiting to welcome you back like a guilty dog that's just chewed your favorite shoe. And, if that's not enough, they also tattle on which parts of our sad little corner of the web you obsess over. Feels dirty, doesn't it?