April 24, 2025

Crypto-Stealing Code Found in XRP Toolkit, Devs Urged to Update


Well, this one’s a developer’s worst nightmare. The XRP Ledger Foundation just had to clean up a major mess after discovering that a commonly used JavaScript library in the XRP ecosystem had been compromised. The library, called xrpl.js, was hiding a nasty little backdoor that could steal your private keys. The XRP Ledger exploit was traced back to a malicious version of the xrpl.js library, putting thousands of wallets at risk.

On April 21, blockchain security firm Aikido sounded the alarm. They noticed that someone had uploaded five suspicious versions of xrpl.js to the npm package registry, all signed by an unknown publisher going by the name mukulljangid. Weirdest part? These versions didn’t exist on the library’s official GitHub, which was a huge red flag.

Digging into the code, Aikido found a function called checkValidityOfSeed hidden inside the wallet creation process. It was doing one thing: quietly sending private keys off to an outside domain called 0x9c.xyz. In short, any app using one of those versions could have leaked users’ wallet credentials without them ever knowing.

The XRP Ledger Foundation acted fast. They pulled the infected versions from npm and pushed out a clean one, version 4.2.5. Developers were told to upgrade immediately to shut the door on the exploit.

The Impact of this Discovered Exploit

This wasn’t just a small blip either. xrpl.js is a big part of the XRP developer toolkit, clocking over 140,000 downloads a week. That means any project that integrated one of the malicious versions could have unknowingly put users at risk.


Luckily, not everyone was affected. Established platforms in the XRP ecosystem like XRPScan, First Ledger, and Gen3 Games said they were in the clear. Still, the fact that a compromised version of the core library got published and downloaded is a serious reminder of just how fragile software supply chains can be.

Even with the scare, XRP’s market price didn’t flinch. The token actually ended the day up more than 3.5 percent, sitting pretty with a market cap north of $125 billion. So while the devs were scrambling behind the scenes, the market didn’t seem too spooked.

XRP Ledger Exploit: Security Recommendations

If you’re a developer working with xrpl.js, here’s the quick checklist:

  • Update immediately to version 4.2.5 or roll back to 2.14.3, which was not affected
  • If there’s any chance a compromised version touched your environment, rotate your private keys
  • Use lockfiles to avoid surprise updates sneaking into your build
  • Be cautious with versioning symbols like ^ in your package.json since they can silently pull in minor updates
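
The checklist above as a check that can run in CI. This is an added example, not code from the article, Aikido or the XRP Ledger Foundation: it flags a floating xrpl range in package.json, a missing or unexpected lockfile entry, and the two indicator strings the article names when they appear in installed source. The names auditXrpl and isPinned, the sample inputs and the sample file path are assumptions constructed for illustration.

```javascript
// Recommended versions and indicator strings are the ones named in the article.
const RECOMMENDED = ["4.2.5", "2.14.3"];
const INDICATORS = ["checkValidityOfSeed", "0x9c.xyz"];

// A spec is "pinned" only if it is one exact x.y.z version (no ^, ~, ranges, tags).
function isPinned(spec) {
  return /^\d+\.\d+\.\d+$/.test(spec);
}

// pkg: parsed package.json; lock: parsed package-lock.json (v2/v3 layout) or null;
// files: { path: source text } for files read from node_modules/xrpl.
function auditXrpl(pkg, lock, files = {}) {
  const findings = [];
  const spec = { ...pkg.devDependencies, ...pkg.dependencies }.xrpl;
  if (spec === undefined) return findings; // xrpl is not a direct dependency
  if (!isPinned(spec)) {
    findings.push(`package.json: "${spec}" is a floating range, pin an exact version`);
  }
  const entry = lock && lock.packages && lock.packages["node_modules/xrpl"];
  if (!entry) {
    findings.push("lockfile: no entry for xrpl, installs are not reproducible");
  } else {
    if (!RECOMMENDED.includes(entry.version)) {
      findings.push(`lockfile: resolved ${entry.version}, not a version the article recommends`);
    }
    if (!entry.integrity) findings.push("lockfile: xrpl entry has no integrity hash");
  }
  for (const [path, text] of Object.entries(files)) {
    for (const ioc of INDICATORS) {
      if (text.includes(ioc)) findings.push(`${path}: contains indicator "${ioc}"`);
    }
  }
  return findings;
}

// Constructed sample input (placeholder values, not taken from a real project).
const samplePkg = { dependencies: { xrpl: "^4.2.0" } };
const sampleLock = {
  packages: { "node_modules/xrpl": { version: "0.0.0-placeholder", integrity: "sha512-PLACEHOLDER" } },
};
const sampleFiles = {
  "node_modules/xrpl/example.js": "function checkValidityOfSeed(seed) { /* constructed */ }",
};
console.log(auditXrpl(samplePkg, sampleLock, sampleFiles));
```

Any indicator hit means the key-rotation item on the checklist applies, not just the upgrade.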

Conclusion

This incident is a textbook example of a supply chain attack and shows how even trusted libraries can become attack vectors. With crypto, the stakes are high and the window for error is small. If you’re building in this space, staying paranoid might just save your project, and your users’ funds.


  • Malicious versions of the popular XRP developer library xrpl.js were uploaded to npm, containing code that leaked private keys.
  • The rogue versions were not present on the library’s official GitHub, and were flagged by security firm Aikido on April 21.
  • The XRP Ledger Foundation responded quickly, removing the infected packages and releasing a clean update (v4.2.5).
  • Projects using compromised versions could have exposed users to wallet breaches; developers are urged to update and rotate keys.
  • The incident highlights major risks in crypto software supply chains, even as XRP’s market price remained unaffected.

The post Crypto-Stealing Code Found in XRP Toolkit, Devs Urged to Update appeared first on 99Bitcoins.
