A blockchain security expert from Aikido has discovered a significant flaw in the xrpl npm package version 22.20.22.26-2.26. 224 and v2104.04. On April 25, it was noted that hundreds of thousands of applications and websites use this package and that it steals private keys immediately upon the creation of a Wallet object. The XRP Ledger Foundation released an urgent security alert on April 22, highlighting a significant vulnerability in its official JavaScript library, xrpl.js, which developers use to interact with the XRP Ledger blockchain. The vulnerability was recognized as a complex supply chain attack, in which malicious code was embedded in certain versions of the xrpl.js library and could compromise the security of cryptocurrency wallets that use this package. Aikido Intel, which operates Aikido’s public threat feed and uses LLMs to monitor public package managers, identified the vulnerability. This issue pertains to specific versions of xrpl.js, particularly version 4.2.