Summary: The Ripple cryptocurrency NPM library “xrpl.js” has been compromised to steal XRP wallet seeds and private keys through malicious code added to specific versions. This code was designed to send sensitive information to an attacker-controlled server, resulting in potential theft of funds. Users are urged to upgrade to the clean version 4.2.5 immediately and take steps to secure their accounts.
Affected: XRP Ledger Foundation (XRPLF) and users of xrpl.js
Keypoints:
- Malicious code was found in versions 2.14.2, 4.2.1, 4.2.2, 4.2.3, and 4.2.4 of the xrpl NPM package.
- A function named checkValidityOfSeed was used to exfiltrate wallet credentials through HTTP POST requests to a specific server.
- Developers are advised to stop using the compromised versions and rotate any potentially exposed private keys.