XRP Developers Warned: Popular XRPL Library Found Stealing Private Keys

A major security scare has rocked the XRP developer community after a trusted XRPL integration tool was found to be compromised. The tool in question is the XRPL NPM package, which is widely used to build JavaScript and TypeScript applications that interact with the XRP Ledger.

According to the cybersecurity platform Aikido Security, the package contained a hidden backdoor capable of stealing private keys. The stolen keys were then transmitted to an external server controlled by attackers, putting user funds in immediate danger.

The compromised versions are 4.2.4, 4.2.3, 4.2.2, 4.2.1, and 2.14.2, and developers using any of them are urged to roll back their projects to a safer release.

Following the alert from Aikido Security, other voices in the XRP ecosystem quickly confirmed the threat. Infrastructure provider Alloy Network described the situation as verified and dangerous, calling on all projects to downgrade immediately.

Security Community Reacts as XRPL Library Breach Triggers Urgent Rollbacks

Vet, a known XRPL validator, warned that any application built using the affected versions could expose user assets to theft. Vet emphasized that developers must avoid all versions from 4.2.1 upward, as these have been compromised with malicious code.

Thomas Silkjaer, who leads Analytics and Compliance at InFTF, amplified the alert by sharing Aikido Security’s findings on social media. He cautioned developers that using the latest NPM version could put all newly created accounts at serious risk of compromise.

Denis Angell from XRPL Labs, who also works for Xahau, verified that version 4.2.0 is currently the most stable version and offers secure performance. All developers should use version 4.2.0 and disregard any subsequent version updates.

XRPL Labs specifically addressed security concerns about Xaman Wallet. The company declared that it does not use the xrpl.js package to handle private keys anywhere in its operations. Xaman Wallet uses its own independently built structure, so its users remain secure against the reported incident.

Conclusion

This incident has raised fresh concerns about the safety of open-source packages used in the crypto space. Developers are strongly advised to conduct immediate audits and remove all compromised versions of the XRPL library. Security experts continue to monitor the situation to prevent further damage across the XRP ecosystem.
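As a starting point for such an audit, here is an added example (not code from Aikido Security or the xrpl.js project) that checks a parsed `package-lock.json` for the versions listed in this article, including copies pulled in transitively. The package is published on npm as `xrpl`; the sample lockfile and the other package names in it are constructed for illustration.

```javascript
// Versions reported as compromised in this article.
const COMPROMISED = new Set(["4.2.4", "4.2.3", "4.2.2", "4.2.1", "2.14.2"]);

// Returns [{ path, version }] for every installed copy of "xrpl" whose
// version is on the list. Handles lockfileVersion 2/3 (flat "packages" map
// keyed by install path) and lockfileVersion 1 (nested "dependencies").
function findCompromisedXrpl(lock) {
  const hits = [];
  const seen = new Set();
  const record = (path, version) => {
    const key = path + "@" + version;
    if (COMPROMISED.has(version) && !seen.has(key)) {
      seen.add(key);
      hits.push({ path, version });
    }
  };

  // v2/v3: match ".../node_modules/xrpl" exactly, so look-alike names such
  // as "xrpl-helper" or scoped packages ending in "/xrpl" are not flagged.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/xrpl$/.test(path)) record(path, meta.version);
  }

  // v1 (also present in v2 for compatibility): walk the nested tree and
  // rebuild the same install path so duplicates collapse via `seen`.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = prefix + "node_modules/" + name;
      if (name === "xrpl") record(path, meta.version);
      if (meta && typeof meta.dependencies === "object") walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: one direct and one transitive bad copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", dependencies: { xrpl: "^4.2.0" } },
    "node_modules/xrpl": { version: "4.2.3" },
    "node_modules/xrpl-helper": { version: "4.2.3" }, // hypothetical, unrelated package
    "node_modules/legacy-tool/node_modules/xrpl": { version: "2.14.2" },
    "node_modules/other/node_modules/xrpl": { version: "4.2.0" },
  },
};
const sampleHits = findCompromisedXrpl(sampleLock);
console.log(sampleHits.length ? sampleHits : "no compromised xrpl versions found");
```

To audit a real project, pass the function the result of `JSON.parse` on the project's `package-lock.json`. A hit means keys handled by that build should be treated as exposed, in addition to replacing the package.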