Catenaa, Saturday, May 03, 2025. The XRP Ledger Foundation disclosed a serious vulnerability last Tuesday in recent versions of the XRPL JavaScript library, warning of potential supply chain attacks targeting cryptocurrency applications.
Security researcher Charlie Eriksen of Aikido Security identified the flaw, describing it as a “potentially catastrophic” backdoor capable of compromising private keys and wallets. The affected versions include v4.2.1 to v4.2.4 and v2.14.2, widely used to build apps on the XRP Ledger.
The foundation urged developers to immediately update to version 4.2.5, clarifying that the vulnerability affects the JavaScript SDK and not the XRP Ledger blockchain or GitHub repository itself.
Eriksen noted that the backdoor was limited to versions uploaded to Node Package Manager (NPM) and would only affect services that updated to the malicious versions within a short time frame. Projects such as Xaman Wallet and XRPScan stated their platforms remain unaffected.
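Because only projects that pulled the compromised builds from npm are exposed, the practical check for a developer is whether any installed copy of the library, direct or transitive, matches the affected versions. The following added example (not code from the XRP Ledger Foundation or Aikido Security) scans a package-lock.json for that; it assumes the library is published under the npm package name `xrpl` and uses a constructed sample lockfile.

```javascript
// Added example (not from the XRPL Foundation or Aikido): scan an npm
// lockfile for the xrpl versions named in the advisory. Assumes a
// package-lock.json in lockfileVersion 1, 2 or 3 layout.
const AFFECTED_XRPL_VERSIONS = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"]);
const FIXED_VERSION = "4.2.5";

// Walk a parsed package-lock.json and return every installed copy of the
// xrpl package, including nested (transitive) copies, with its version.
function findXrplInstalls(lock) {
  const found = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path.endsWith("node_modules/xrpl") && meta.version) {
      found.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "xrpl" && meta.version) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return found;
}

// Classify each install: affected (listed in the advisory) or not.
function auditLockfile(lockJson) {
  const installs = findXrplInstalls(JSON.parse(lockJson));
  return installs.map((i) => ({ ...i, affected: AFFECTED_XRPL_VERSIONS.has(i.version) }));
}

// Constructed sample lockfile: a direct xrpl 4.2.5 plus a transitive 4.2.3
// pulled in by a hypothetical dependency "some-wallet-lib".
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.5" },
    "node_modules/some-wallet-lib": { version: "0.1.0" },
    "node_modules/some-wallet-lib/node_modules/xrpl": { version: "4.2.3" },
  },
});
const results = auditLockfile(SAMPLE_LOCK);
for (const r of results) {
  console.log(`${r.path}: xrpl@${r.version} -> ${r.affected ? "AFFECTED, upgrade to " + FIXED_VERSION : "ok"}`);
}
```

A clean top-level entry does not clear a project: the nested copy in the sample is the one that gets flagged, which is why the scan covers every install path rather than only the direct dependency.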
“If you believe you may have been impacted, it’s important to treat your private keys as compromised and transfer assets to new wallets,” Eriksen advised.
Despite the alarming disclosure, XRP, the network’s native token, rose 4% Tuesday amid a broader cryptocurrency market rally.
The XRP Ledger, launched by Ripple Labs more than a decade ago, is primarily used for cross-border payments and tokenization services.
A full report on the breach is expected once a detailed investigation concludes.
