While the XRP Ledger continues to evolve with new developments, one of its JavaScript libraries has been hit by a security incident that could have put the whole network at severe risk.
The xrpl.js JavaScript library, a widely used tool for interacting with the XRP Ledger network, was found to contain malicious code in some of its latest versions. The library is maintained by the XRP Ledger Foundation and recommended by Ripple for interacting with the XRP blockchain.
The breach has since been fixed by the team, and the repositories have been updated with the latest patches.
The vulnerability was first found by the blockchain security firm Aikido Security, which identified a backdoor in versions 4.2.1 through 4.2.4 of the library. The backdoor could allow attackers to steal private keys and drain user wallets.
“This back door steals private keys and sends them to attackers,” said the Aikido team, adding: “The affected versions are 4.2.1 – 4.2.4; if you are using an earlier version, do not upgrade.”
According to Charlie Eriksen, a malware researcher at Aikido Security, this is a sophisticated supply chain exploit that likely involved the compromise of a Ripple employee’s npm account under the username ‘mukulljangid’.
“The official XRPL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets,” Charlie said in his analysis.
The rapid release of multiple compromised versions in a short time frame suggests the attackers were testing methods to evade detection. The attack was designed to siphon sensitive data such as private keys, wallet seeds and mnemonics and transmit it to an attacker-controlled domain, 0x9c[.]xyz.
Fortunately, the timely fix prevented wider distribution: the library sees over 140,000 weekly downloads, and many users could otherwise have fallen victim.
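As an added example (not code from the article, Aikido or the xrpl.js project), the following script walks an npm package-lock.json and flags every copy of xrpl, including nested ones, whose version falls in the range the article names as backdoored, 4.2.1 through 4.2.4. The lockfile contents below are constructed for illustration.

```javascript
// Affected range as reported in the article: xrpl 4.2.1 through 4.2.4 inclusive.
const AFFECTED = { name: 'xrpl', min: [4, 2, 1], max: [4, 2, 4] };

// Parse "major.minor.patch" into numbers; returns null for anything unparsable.
function parseSemver(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

// Numeric three-part comparison: -1, 0 or 1.
function cmp(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffectedVersion(version) {
  const v = parseSemver(version);
  if (!v) return false; // pre-release or odd strings: not asserted safe, just not matched
  return cmp(v, AFFECTED.min) >= 0 && cmp(v, AFFECTED.max) <= 0;
}

// Walk the "packages" map of an npm v2/v3 lockfile. Keys look like
// "node_modules/xrpl" or "node_modules/some-sdk/node_modules/xrpl",
// so nested copies pulled in by other dependencies are checked too.
function findAffected(lockfile) {
  const hits = [];
  for (const [path, entry] of Object.entries(lockfile.packages || {})) {
    const name = path.split('node_modules/').pop(); // '' for the root entry
    if (name === AFFECTED.name && isAffectedVersion(entry.version)) {
      hits.push({ path, version: entry.version });
    }
  }
  return hits;
}

// Constructed sample lockfile: one direct affected copy, one nested unaffected copy.
const sampleLock = {
  packages: {
    '': { name: 'app', version: '1.0.0' },
    'node_modules/xrpl': { version: '4.2.3' },
    'node_modules/some-sdk/node_modules/xrpl': { version: '4.2.0' },
    'node_modules/ripple-binary-codec': { version: '2.1.0' },
  },
};

console.log(findAffected(sampleLock)); // [{ path: 'node_modules/xrpl', version: '4.2.3' }]
```

To run it against a real project, replace sampleLock with JSON.parse of the project's package-lock.json.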