The XRP community has received a high-priority security warning after Aikido Security discovered a critical vulnerability in the XRPL NPM package. In a recent tweet, Aikido confirmed that the compromised package contains a backdoor that actively steals private keys and transmits them to malicious actors. This library serves as a popular tool for integrating JavaScript or TypeScript apps with the XRP Ledger, particularly for advanced functionalities.
Aikido Security pinpointed specific versions of the XRPL NPM package as compromised. The affected versions are 4.2.1, 4.2.2, 4.2.3 and 4.2.4, as well as 2.14.2. These versions put both user data and project funds at immediate risk. Therefore, developers using these versions must take urgent action to roll back or secure their systems.
Industry Experts Amplify the Warning
Security leaders and XRP developers quickly echoed the warning. Thomas Silkjaer, Head of Analytics and Compliance at InFTF, amplified Aikido Security’s alert, urging projects to avoid using the affected package versions. He stressed that the latest version could jeopardize all accounts created with the compromised library.
In addition, a validator known as Vet from XRPL Dune reiterated the danger. He advised XRP Ledger developers and project leaders to avoid any version above 4.2.0. He added that using the latest updates from XRPL JS exposes projects to significant threats.
Alloy Network and XRPL Labs Respond
Alloy Network, an infrastructure provider, confirmed the threat. In a tweet, the company instructed developers to roll back immediately if they are using the affected versions. Denis Angell, a software engineer at XRPL Labs and Xahau, also weighed in. He clarified that version 4.2.0 remains the last known stable release.
Meanwhile, Xaman Builder from XRPL Labs reassured users that the Xaman Wallet remains unaffected. He explained that XRPL Labs uses its own infrastructure and custom-built libraries, avoiding reliance on third-party libraries like xrpl.js. The discovery of the backdoor in the XRPL NPM package has raised significant concern across the XRP development ecosystem.
Affected parties must act quickly by rolling back to safe versions and avoiding compromised libraries. As leading infrastructure providers and developers continue to issue warnings, it is clear that proactive measures are crucial to protecting user data and digital assets.
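One way to check a project for the versions named above, as an added example (not code from Aikido Security or the xrpl.js project): a Node.js function that scans a parsed package-lock.json for xrpl pinned at 4.2.1 through 4.2.4 or 2.14.2, including copies pulled in transitively. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag compromised xrpl versions in an npm lockfile.
// The version list comes from the article; the lockfile below is constructed sample data.
const COMPROMISED = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"]);

// Walk lockfileVersion 1 trees: { dependencies: { name: { version, dependencies } } }
function walkV1(deps, trail, hits) {
  for (const [name, info] of Object.entries(deps || {})) {
    const path = [...trail, name];
    if (name === "xrpl" && COMPROMISED.has(info.version)) {
      hits.push({ path: path.join(" > "), version: info.version });
    }
    walkV1(info.dependencies, path, hits);
  }
}

// Returns every install location of xrpl whose pinned version is on the list.
function findCompromisedXrpl(lock) {
  const hits = [];
  if (lock.packages) {
    // lockfileVersion 2/3: keys are install paths such as
    // "node_modules/a/node_modules/xrpl"; the last segment is the package name.
    for (const [path, info] of Object.entries(lock.packages)) {
      const name = info.name || path.split("node_modules/").pop();
      if (name === "xrpl" && COMPROMISED.has(info.version)) {
        hits.push({ path, version: info.version });
      }
    }
  } else {
    walkV1(lock.dependencies, [], hits);
  }
  return hits;
}

// Constructed sample: a safe top-level pin plus a compromised transitive copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.0" },
    "node_modules/pay-widget": { version: "0.3.1" },
    "node_modules/pay-widget/node_modules/xrpl": { version: "4.2.3" },
  },
};

console.log(findCompromisedXrpl(sampleLock));
```

To scan a real project, pass the parsed contents of its package-lock.json to `findCompromisedXrpl`. A clean result only covers what is currently pinned, so keys handled while an affected version was installed still need to be treated as exposed.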
The post XRP Developers Warned After Security Breach in XRPL NPM Package appeared first on FXcrypto News.