A blockchain security expert from Aikido has discovered a significant flaw in the xrpl npm package version 22.20.22.26-2.26. 224 and v2104.04. On April 25, it was noted that this package, which hundreds of thousands of applications and websites use, was being exploited to steal private keys immediately upon the creation of a Wallet object. The XRP Ledger Foundation released an urgent security alert on April 22, highlighting a significant vulnerability in xrpl.js, its official JavaScript library, which developers use to interact with the XRP Ledger blockchain. The vulnerability was recognized as a complex supply chain attack, in which malicious code was embedded in certain versions of the xrpl.js library and could compromise the security of cryptocurrency wallets that use this package. Aikido Intel, which operates Aikido’s public threat feed and uses LLMs to keep an eye on public package managers, identified the vulnerability. This issue pertains to specific versions of xrpl.js, particularly version 4.2.