National Cyber Warfare Foundation (NCWF)

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack


0 user ratings
2025-04-23 07:49:25
milo
Blue Team (CND)
The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys.
The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.



Source: TheHackerNews
Source Link: https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html


Comments
new comment
Nobody has commented yet. Will you be the first?
 
Forum
Blue Team (CND)



Copyright 2012 through 2025 - National Cyber Warfare Foundation - All rights reserved worldwide.