A blockchain security expert from Aikido has discovered a significant flaw in the xrpl npm package version 22.20.22.26-2.26. 224 and v2104.04. On April 25, it was noted that this package, which hundreds of thousands of applications and websites use, had been made to steal private keys immediately upon the creation of a Wallet object. The XRP Ledger Foundation released an urgent security alert on April 22, highlighting a significant vulnerability in its official JavaScript library, xrpl.js, which developers use to interact with the XRP Ledger blockchain. The vulnerability was recognized as a complex supply chain attack, in which malicious code was embedded in certain versions of the xrpl.js library and could compromise the security of cryptocurrency wallets that use this package. Aikido Intel, which operates Aikido’s public threat feed and uses LLMs to monitor public package managers, identified the vulnerability. This issue pertains to specific versions of xrpl.js, particularly version 4.2.