Michaela
The XRP Ledger Foundation has disclosed a major security flaw in the official JavaScript library used to interact with the XRP Ledger blockchain, prompting a swift software update to patch the issue.
Blockchain security firm Aikido revealed in an April 22 blog post that the open-source JavaScript library used to interact with the XRP Ledger had been infiltrated. According to the post, “sophisticated attackers” managed to implant a backdoor designed to “steal cryptocurrency private keys and gain access to cryptocurrency wallets.”
“This package is used by hundreds of thousands of applications and websites making it a potentially catastrophic supply chain attack on the cryptocurrency ecosystem,” Aikido wrote.
In an April 22 update on X, the XRP Ledger Foundation announced that it had updated its code repository to “remove the previously compromised version.” The foundation also noted that a number of key projects within the XRP Ledger ecosystem — including XRPScan, First Ledger, and Gen3 Games — had verified they were unaffected by the security breach.
Aikido reported that it uncovered the attack after detecting a suspicious package released by a user identified as “mukulljangid.” The user had uploaded five new versions of the XRP Ledger’s JavaScript library, which deviated from the official versions published on GitHub. This discrepancy raised red flags and ultimately led to the discovery of the compromise.
The security firm stated that its system flagged unusual code within the newly uploaded packages. While the code initially appeared normal, the issue became evident towards the end, where a suspicious domain was found embedded in the code.
The identified significant discrepancies between the releases included an analysis of versions 4.2.1 and 4.2.2 revealed notable differences compared to the legitimate version 4.2.0. A detailed comparison showed that from version 4.2.1, the scripts and prettier configurations were removed from the package.json file. The first instance of malicious code insertion appeared in version 4.2.2, specifically within the src/Wallet/index.js file.
Both 4.2.1 and 4.2.2 contained malicious files, such as build/xrp-latest-min.js and build/xrp-latest.js. As the investigation progressed, it became clear that the attacker continued refining their approach. A comparison of versions 4.2.2, 4.2.3, and 4.2.4 showed further malicious modifications. While the earlier versions only affected the packed JavaScript code, later versions also incorporated malicious changes into the TypeScript code, including alterations to src/index.ts and src/Wallet/index.ts.
The changes indicated that the attacker was actively evolving their strategy, transitioning from manually inserting a backdoor into the built JavaScript files to embedding it in the TypeScript code before compiling it into the final version. This progression suggests a deliberate attempt to insert the backdoor more discreetly while maintaining minimal visibility.
Despite the recent security breach, the price of the XRP token saw a notable increase of 7.8% within the last 24 hours, according to data from CoinGecko.
Read More
- Fake GitHub Projects Fuel Crypto Thefts: Kaspersky
- SEC Weighs XRP’s Commodity Status Amid Talks with Ripple Labs
- SEC Postpones Spot ETF Apps XRP, Solana, Others
Michaela has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Magazine and The Shib Daily are the official media and publications of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.
