“The XRP Ledger Foundation has reported the detection of serious vulnerability in the JavaScript library XRPL.JS, which is used to interact with the XRP Ledger network. Earlier Today, A Security Researcher from @Aikidosecurity Identified a Serious Vulnerability in the XRPL NPM Package (V4.2.1-4.2.4 and V2.14.2). We Are Aware of the Issue and Are Actiely Working on a Fix. A detailed Post-mortem Will Follow. – […]”, – WRITE: Businessua.com.ua
The XRP Ledger Foundation has reported the detection of serious vulnerability in the JavaScript library XRPL.JS, which is used to interact with the XRP Ledger network.
Earlier Today, a Security Researcher from @aikidosecurity Identified A Serious Vulnerability in the XRPL NPM Package (V4.2.1-4.2.4 and V2.14.2).
We Are Aware of the Issue and Are Actiely Working on a Fix.
A detailed Post-mortem Will Follow.
– Xrp Ledger Foundation (Official) (@xrplf) April 22, 2025
The problem was revealed by Aikido Security, which warned that the vulnerability could have caused a large -scale attack on users, allowing the attackers to steal private cryptomamen.
The problem was touched by the XRPL.JS versions of V4.2.1 by V4.2.4 and V2.14.2, published on April 21 in the Node Package Manager (NPM) system. As it turned out, the attacker inserted a malicious code that sent private user keys to a third -party resource.
The XRP Ledger Foundation immediately recalled the compromised versions and released a safe update of V4.2.5, calling on all the developers to urgently switch to it. The Fund also promised to publish a detailed report after the incident analysis is completed.
According to Aikido Security researchers, this attack was especially dangerous due to the popularity of the XRPL.JS library, which receives more than 140,000 loads every week.
Projects used by vulnerable versions should immediately change private keys and transfer assets to new, protected wallets.
We will remind, on February 4, the XRP Ledger network resumed work after more than an hour failure.
The gun
Please wait …