A blockchain security expert from Alkido has discovered a significant flaw in the xrpl npm package version 22.20.22.26-2.26. 224 and v2104.04. On April 25, it was noted that hundreds of thousands of applications and websites exploit this package to steal private keys immediately upon the creation of a Wallet object. The XRP Ledger Foundation released an urgent security alert on April 22, highlighting a significant vulnerability in its official JavaScript library, xrpl. JavaScript utilized by developers to engage with the XRP Ledger blockchain. The vulnerability was recognized as a complex supply chain attack, where malicious code was embedded in certain versions of the xrpl. JavaScript library that could compromise the security of cryptocurrency wallets by using this package. Aikido Intel, which operates Aikido’s public threat feed utilizing LLMs to keep an eye on public package managers, identified the vulnerability. This issue pertains to specific versions of xrpl. JavaScript, particularly version 4.2.
Related Posts
SimpleFX Strengthens Global Footprint, Adds 1,000+ Instruments
SimpleFX has unveiled a significant upgrade to its trading platform, significantly expanding its range of tradable assets. The platform now…
3 Reasons Why Top Cardano Holders Are Secretly Accumulating Remittix’s RTX
Cardano holders are riding the bullish wave sweeping across the crypto landscape, leading up to ADA’s 22% upticks, over the…
Concerns about trade might hasten the decline of cryptocurrencies, with Nansen estimating a 70% likelihood of reaching a low point before June.
Nansen’s research indicates a 286% likelihood that cryptocurrencies will reach their lowest point before June due to ongoing tariff uncertainties.…