All Things XRP (@XRP_investing), a widely XRP enthusiat, warned XRP holders about a major security breach affecting the XRP Ledger JavaScript SDK. His post alerted users that a hacker had slipped a backdoor into several recent versions of the XRPL package on NPM, a package manager used by countless crypto developers. The compromised versions, 4.2.1 through 4.2.4 and 2.14.2, could steal users’ private keys. This exploit was initially discovered by Aikido Security . The hacker infiltrated the official package and uploaded modified versions to NPM on April 21. These fake updates mimicked legitimate releases but didn’t match the trusted GitHub repository. This allowed the attacker to plant code that could extract private keys from users without immediate detection. XRP LEDGER ALERT A hacker attacked the XRPL JavaScript package on NPM, used by tons of crypto apps. They slipped a backdoor into versions 4.2.1–4.2.4 & 2.14.2 to steal private keys. Here's the simple scoop: What happened? Bad versions of the XRPL package were… — All Things XRP (@XRP_investing) April 22, 2025 All Things XRP emphasized how widely used this package is, noting it has more than 140,000 weekly downloads. Because many developers rely on automatic updates, numerous apps may have unknowingly integrated the malicious code. “If you use XRPL, stick to v4.2.0 or check your version,” he urged, recommending manual updates and dependency locks as a precaution. Detection and Response This breach is part of a broader trend of attacks targeting major players in the crypto industry. Aikido Security’s automated monitoring tools flagged inconsistencies between the NPM package and the legitimate source code. We are on twitter, follow us to connect with us :- @TimesTabloid1 — TimesTabloid (@TimesTabloid1) July 15, 2023 A deeper investigation confirmed a backdoor triggered during operations like wallet creation and sent the private keys for the wallets to an external server. Aikido Security revealed technical details of the exploit in its blog post , confirming that the breach occurred between the evening of April 21 and midday of April 22. This implies that systems updated during that window may be compromised. Developers Urged to Take Action Following the alert, the XRPL SDK maintainers released secure versions 4.2.5 and 2.14.3, removing unauthorized code. Developers who may have used the affected versions are told to upgrade immediately and treat any private keys used with those packages as exposed. All Things XRP concluded his message with a key reminder for the community: “Always double-check package updates & use tools to catch sneaky code.” With scams and hacks on the rise in the crypto space, investors need to stay alert and secure sensitive information to avoid losing their assets. Disclaimer : This content is meant to inform and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not represent Times Tabloid’s opinion. Readers are urged to do in-depth research before making any investment decisions. Any action taken by the reader is strictly at their own risk. Times Tabloid is not responsible for any financial losses. Follow us on X , Facebook , Telegram , and Google News The post Expert Issues Critical Warning to XRP Holders appeared first on Times Tabloid .
https://www.digistore24.com/redir/325658/ceobig/
