Ripple NPM Package xrpl.js Targeted by Hackers with a Backdoor that Steals Private Keys

The official xrpl.js NPM package for the XRP Ledger (XRPL) was compromised by sophisticated attackers who installed a backdoor to extract crypto keys, gaining access to private wallets. Ripple discovered the breach when five new packages were added to the XRP Ledger (XRPL) repository. The package averages 140,000 downloads every week, and thousands of websites and apps use it. Left unaddressed, the breach could have caused severe damage to crypto markets, leading to a supply chain disruption that could have spread to other markets.

The five new packages added to GitHub did not align with previous releases, raising suspicions about the changes made to the code. The malicious code communicated with a newly registered domain name, 0x9c.xyz, which was used during the wallet creation process, allowing the attackers to access private keys. Analysis of the code reveals that the attackers refined their methods over time. Initially, they coded the exploit in plain code, and then advanced to disguising the backdoor with TypeScript code.

Ripple has advised people affected by the attack to check their logs for outgoing traffic to the suspicious domain name. Furthermore, applications using the Ripple Ledger should rotate their wallet addresses to prevent future attacks by malicious actors. The compromised XRPL included versions 4.2.1 and 4.2.4. Ripple released new versions that mitigate the threat, including versions 4.2.5 and 2.14.3. Affected users should move their assets immediately to new addresses.

The attackers added a method named checkValidityOfSeed() at the end of the file /src/index.ts in the compromised versions. The method sends a string to the web address 0x9c.xyz/xcm, where the attackers can store the retrieved data. The data is sent using an HTTP POST request. The attackers further disguised the request as an advertisement referral service to hide their activities from network monitoring scanners. The method checkValidityOfSeed() allows attackers to steal private keys, mnemonics, and seeds.

The XRP Ledger Foundation (XRPLF) is responsible for maintaining the xrpl.js library, which is an official package used to communicate with Ripple through JavaScript. The xrpl.js library allows programmers to access wallet features, transfer Ripple tokens, and interact with the Ripple blockchain. The package is used widely, with an average of 140,000 downloads per week. Malicious code was inserted in versions 2.14.2, 4.2.1, 4.2.2, 4.2.3, and 4.2.4. Ripple has released a fixed version 4.2.5. Developers are advised to replace any infected versions as soon as possible.

The problem with these attacks is that they can infect libraries used by developers and then affect general users who download already compromised apps. Ripple has removed any NPM packages that were infected. Ripple assured users that the attack only affected the xrpl.js package and not the core repository for Ripple.
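The two checks the article recommends (replace infected versions, look for outgoing traffic to 0x9c.xyz) can be scripted. The following is an added example, not code from Ripple or the xrpl.js project: the version list and domain come from the article, while the function names, lockfile contents and log lines are constructed for illustration.

```javascript
// Indicators below come from the article; sample data at the bottom is constructed.
const COMPROMISED = new Set(['2.14.2', '4.2.1', '4.2.2', '4.2.3', '4.2.4']);
const C2_DOMAIN = '0x9c.xyz';

// List every xrpl install (top-level, nested, or npm-aliased) pinned to a listed
// version. Reads the "packages" map of a lockfileVersion 2/3 package-lock.json.
function findCompromisedXrpl(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === '') continue; // root project entry, not a dependency
    const name = meta.name || path.split('node_modules/').pop();
    if (name === 'xrpl' && COMPROMISED.has(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Match the domain as a whole hostname (or a subdomain of it), never as a substring
// of a longer name; a trailing DNS root dot is tolerated.
const HOST_RE = new RegExp(
  `(?:^|[^a-z0-9.-])((?:[a-z0-9-]+\\.)*${C2_DOMAIN.replace(/\./g, '\\.')})` +
  '(?![a-z0-9-])(?!\\.[a-z0-9-])', 'i');

function findC2Traffic(lines) {
  return lines.flatMap((line, i) => {
    const m = HOST_RE.exec(line);
    return m ? [{ lineNo: i + 1, host: m[1].toLowerCase() }] : [];
  });
}

// Constructed sample inputs (not real data).
const sampleLock = { lockfileVersion: 3, packages: {
  '': { name: 'demo-wallet', version: '1.0.0' },
  'node_modules/xrpl': { version: '4.2.5' },
  'node_modules/pay-sdk/node_modules/xrpl': { version: '4.2.3' },
  'node_modules/xrpl-legacy': { name: 'xrpl', version: '2.14.2' },
} };
const sampleLog = [
  '2000-01-01T10:01:02Z app-7 CONNECT registry.npmjs.org:443',
  '2000-01-01T10:01:09Z app-7 POST https://0x9c.xyz/xcm 200',
  '2000-01-01T10:01:10Z dns query A 0x9c.xyz. from 10.0.0.7',
  '2000-01-01T10:02:00Z app-7 GET https://0x9c.xyzzy.example/ 200',
];
console.log(findCompromisedXrpl(sampleLock), findC2Traffic(sampleLog));
```

A clean lockfile does not clear a host that installed one of the listed versions earlier, so the log check should cover the whole period in which those versions could have been running.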
