23 April 2025
XRP Ledger Fixes Critical Vulnerability in XRPL JavaScript Library
A security incident involving an XRP Ledger developer's access token was identified, leading to the potential publication of malicious code. Key details include:
- A hidden issue in recent versions of xrpl.js, a JavaScript toolkit for the XRP Ledger, was exploited.
- The theft of a developer’s NPM access token was confirmed, although the method and identity of the attackers remain unknown.
- Major services like Xaman Wallet and XRPScan reported they were not impacted.
- The flaw could have allowed attackers to steal private keys from users' wallets.
- On April 21, Aikido Intel detected five new versions of the xrpl package, an SDK with over 140,000 weekly downloads.
- Only third-party apps that installed the flawed versions (v4.2.1-4.2.4 and v2.14.2) during a specific timeframe are at risk.
- The XRP Ledger Foundation promptly released updates to mitigate the issue.
- The vulnerability affects the xrpl.js JavaScript library but not the XRP Ledger codebase or GitHub repository.
- Projects using xrpl.js should upgrade to version 4.2.5 immediately.
- XRP prices rose by 8.5% in the past 24 hours amid a broader market increase.