XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized
- Backdoor in XRPL.js NPM packages exposed private keys in versions 4.2.1 to 4.2.4
- Only the NPM distribution was compromised, GitHub repository remains unaffected
- Version 4.2.5 released quickly to patch vulnerability and secure developer environments
A critical security breach has rattled the XRP development community following discovery of a backdoor in XRPL.js package versions 4.2.1 through 4.2.4 on NPM. The malicious code, present in versions 4.2.1 through 4.2.4, was capable of stealing users’ private keys and transmitting them to attackers.
This prompted Ripple’s Chief Technology Officer, David Schwartz, to issue a public warning. Developers using these compromised versions are strongly advised to treat any exposed credentials as compromised.
Breach Limited to NPM; Core Ledger Safe
The breach, first reported by Aikido Security, revealed the NPM distribution of XRPL.js was altered with key-stealing code; the GitHub repository was not affected. This suggests only the NPM channel was compromised.
Related: Ripple’…
The post XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized appeared first on Coin Edition.
Read More
XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized
- Backdoor in XRPL.js NPM packages exposed private keys in versions 4.2.1 to 4.2.4
- Only the NPM distribution was compromised, GitHub repository remains unaffected
- Version 4.2.5 released quickly to patch vulnerability and secure developer environments
A critical security breach has rattled the XRP development community following discovery of a backdoor in XRPL.js package versions 4.2.1 through 4.2.4 on NPM. The malicious code, present in versions 4.2.1 through 4.2.4, was capable of stealing users’ private keys and transmitting them to attackers.
This prompted Ripple’s Chief Technology Officer, David Schwartz, to issue a public warning. Developers using these compromised versions are strongly advised to treat any exposed credentials as compromised.
Breach Limited to NPM; Core Ledger Safe
The breach, first reported by Aikido Security, revealed the NPM distribution of XRPL.js was altered with key-stealing code; the GitHub repository was not affected. This suggests only the NPM channel was compromised.
Related: Ripple’…
The post XRP Ledger Foundation Acts Fast on XRPL.js Bug; Threat Neutralized appeared first on Coin Edition.
Read More