Currencies34188
Market Cap$ 4.14T+1.25%
24h Spot Volume$ 55.94B+17.1%
DominanceBTC57.17%-0.41%ETH11.17%+1.19%
ETH Gas0.24 Gwei
Cryptorank

Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package


by Abdulkarim Abdulwahab
for CoinEdition
XRPL.js NPM Package Had Backdoor Alert Issued Steals Keys
  • XRP Ledger’s official NPM package was injected with a crypto-stealing backdoor.
  • The affected NPM versions are 4.2.1 to 4.2.4 and 2.14.2.
  • Users must upgrade to patched versions and rotate private keys.

A supply chain attack compromised the official XRP Ledger JavaScript SDK, injecting a backdoor into specific versions of NPM. A backdoor in specific NPM versions targeted private key theft, putting connected XRP wallets at risk. 

SlowMist issued a high-priority alert urging immediate updates and credential rotation.

How Malicious Code Hit NPM

The attack centered around the xrpl NPM package, used by developers to interact with the XRP Ledger blockchain. Between April 21 at 20:53 GMT+0 and April 22, malicious versions 4.2.1 through 4.2.4 and 2.14.2 were published to NPM under a legitimate package name.

Related: XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized

However, an unauthorized user, “mukulljangid” made these versions. These versions included code that could steal private keys from crypto wallets.

Unlike standard updates, these releases were not mirrored on the official GitHub repository, prompting red flags within the secu…

The post Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package appeared first on Coin Edition.

Read the article at CoinEdition

Read More

XRP Bullish Cross Playing Out Again: $9 Or $24 Next?

XRP Bullish Cross Playing Out Again: $9 Or $24 Next?

XRP’s technical setup is playing out another major move, and this time the bullish mo...
What’s Next for Hyperliquid’s HYPE Token? What Wall Street and Analysts Are Saying

What’s Next for Hyperliquid’s HYPE Token? What Wall Street and Analysts Are Saying

Wall Street’s crypto treasury spree is spreading to altcoins. With one firm recently ...

Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package


by Abdulkarim Abdulwahab
for CoinEdition
XRPL.js NPM Package Had Backdoor Alert Issued Steals Keys
  • XRP Ledger’s official NPM package was injected with a crypto-stealing backdoor.
  • The affected NPM versions are 4.2.1 to 4.2.4 and 2.14.2.
  • Users must upgrade to patched versions and rotate private keys.

A supply chain attack compromised the official XRP Ledger JavaScript SDK, injecting a backdoor into specific versions of NPM. A backdoor in specific NPM versions targeted private key theft, putting connected XRP wallets at risk. 

SlowMist issued a high-priority alert urging immediate updates and credential rotation.

How Malicious Code Hit NPM

The attack centered around the xrpl NPM package, used by developers to interact with the XRP Ledger blockchain. Between April 21 at 20:53 GMT+0 and April 22, malicious versions 4.2.1 through 4.2.4 and 2.14.2 were published to NPM under a legitimate package name.

Related: XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized

However, an unauthorized user, “mukulljangid” made these versions. These versions included code that could steal private keys from crypto wallets.

Unlike standard updates, these releases were not mirrored on the official GitHub repository, prompting red flags within the secu…

The post Crypto-Stealing Backdoor Found in Official XRP Ledger NPM Package appeared first on Coin Edition.

Read the article at CoinEdition

Read More

XRP Bullish Cross Playing Out Again: $9 Or $24 Next?

XRP Bullish Cross Playing Out Again: $9 Or $24 Next?

XRP’s technical setup is playing out another major move, and this time the bullish mo...
What’s Next for Hyperliquid’s HYPE Token? What Wall Street and Analysts Are Saying

What’s Next for Hyperliquid’s HYPE Token? What Wall Street and Analysts Are Saying

Wall Street’s crypto treasury spree is spreading to altcoins. With one firm recently ...