Crypto-Stealing Code Found in XRP Toolkit, Devs Urged to Update

Well, this one’s a developer’s worst nightmare. The XRP Ledger Foundation just had to clean up a major mess after discovering that a commonly used JavaScript library in the XRP ecosystem had been compromised. The library, called xrpl.js, was hiding a nasty little backdoor that could steal your private keys. The XRP Ledger exploit was.. The post Crypto-Stealing Code Found in XRP Toolkit, Devs Urged to Update appeared first on 99Bitcoins.

crypto

Apr 25, 2025 - 23:01

0 0

Well, this one’s a developer’s worst nightmare. The XRP Ledger Foundation just had to clean up a major mess after discovering that a commonly used JavaScript library in the XRP ecosystem had been compromised. The library, called xrpl.js, was hiding a nasty little backdoor that could steal your private keys. The XRP Ledger exploit was traced back to a malicious version of the xrpl.js library, putting thousands of wallets at risk.

On April 21, blockchain security firm Aikido sounded the alarm. They noticed that someone had uploaded five suspicious versions of xrpl.js to the npm package registry, all signed by an unknown publisher going by the name “mukulljangid.” Weirdest part? These versions didn’t exist on the library’s official GitHub, which was a huge red flag.