Ripple Developer Tools Hacked: What Went Wrong and What’s Next

Source of this Article: FXCryptonews

XRP recently faced a serious security incident when a malicious actor compromised one of its core development tools, the JavaScript library xrpl.js. This software supply chain attack affected specific versions of the library published on the Node Package Manager (NPM), putting users’ private keys at risk.

Aikido Security initially flagged the issue, and Ripple’s Chief Technology Officer, David Schwartz, later confirmed the breach. The attack compromised several versions of xrpl.js — specifically versions 4.2.1 through 4.2.4 and version 2.14.2. Fortunately, Ripple has since patched the vulnerability in versions 4.2.5 and 2.14.3.

Critical warning for anyone using XRPL.js from NPM. https://t.co/3zV45jNT1t

— David "JoelKatz" Schwartz (@JoelKatz) April 22, 2025

Major XRP Platforms Remain Safe

Despite the breach, prominent XRP services such as Xaman Wallet and XRPScan reported no impact from the compromised library versions. Their swift action and use of unaffected versions helped protect users from potential fallout.

The attacker, using the alias “mukulljangid,” gained access via a Ripple employee’s compromised npm account. They began inserting malicious code into the xrpl.js library starting April 21, 2025. The code contained a function designed to steal private keys and transmit them to an external domain. To avoid early detection, the attacker quickly released several versions of the compromised package. Notably, the GitHub repository of xrpl.js remained untouched, indicating the breach was isolated to the npm packages.

Peter Todd, a well-known Bitcoin developer, criticized Ripple’s failure to use PGP signatures for code verification—a security method he had recommended over a decade ago. He called the software industry “incompetent” and emphasized the broader issue of lax security practices. Although Todd admitted his own Python library lacks PGP signing due to PyPI’s policy changes, he stressed that Ripple could have prevented this specific attack with better safeguards.

XRP Ledger Foundation Responds Swiftly

The XRP Ledger Foundation quickly removed all compromised versions of xrpl.js from public access. They urged developers to upgrade immediately to safe versions—4.2.5 or 2.14.3—and assured the community that a full incident report would be released soon.

To clarify: This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does NOT affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately.

— XRP Ledger Foundation (Official) (@XRPLF) April 22, 2025

This incident has reignited debate over software security in the cryptocurrency industry. Since crypto platforms manage large financial transactions and often provide limited customer support, secure development practices remain critical. 

Developers and companies alike must now prioritize code verification and access control to prevent similar breaches in the future.

The post Ripple Developer Tools Hacked: What Went Wrong and What’s Next appeared first on FXcrypto News.





BitRss shares this Content always with Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0) License.
