The Ripple ecosystem is in the spotlight after hackers injected malicious code into the official Node Package Manager (NPM) package of the XRP Ledger (XRPL).
Security company Aikido said the fake package appeared at 20:53 on Monday, April 21st, and was uploaded under the name “Mukulljangid.” Aikido researcher Charlie Eriksen warned that the incident could be “catastrophic” if left undetected, as the XRPL package sits at the root of “hundreds of thousands of applications and websites.” GitHub’s download statistics show that the package has been fetched about 140,000 times over the last week alone.
Aikido’s AI-powered threat feed flagged five suspicious versions that never appeared in XRPL’s GitHub repository. Across the successive versions, the attacker carefully hid a backdoor that quietly exported the wallet’s private key. Anyone holding these keys can move the funds without the owner’s permission, so a prompt fix is required. The XRPL community released a clean version, v2.2.1, that disables the infected code at 2:00 pm GMT on Tuesday, April 22nd, but Ripple has not yet made an official announcement.
Developers are currently auditing pipeline builds, cleaning up affected versions, and rotating keys that may have been exposed.
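The signal described above, registry versions with no counterpart in the GitHub repository, can be turned into a lockfile audit. The sketch below is an added example, not code from Aikido or the XRPL project; the version numbers, tag names and lockfile are constructed placeholders, and a missing tag is a prompt for review rather than proof of compromise.

```javascript
// Constructed inputs: placeholder versions, not the versions involved in the incident.
const registryVersions = ["9.0.0", "9.0.1", "9.0.2", "9.0.3"]; // e.g. `npm view xrpl versions --json`
const repoTags = ["v9.0.0", "xrpl@9.0.1"];                      // e.g. `git tag` in the upstream repo

// Constructed package-lock.json (lockfileVersion 3) with a direct and a nested copy.
const lockfile = {
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-app", dependencies: { xrpl: "^9.0.0" } },
    "node_modules/xrpl": { version: "9.0.1" },
    "node_modules/payments-sdk": { version: "1.4.0" },
    "node_modules/payments-sdk/node_modules/xrpl": { version: "9.0.3" },
  },
};

// Normalise tag names such as "v9.0.0" or "xrpl@9.0.1" to a bare version string.
function tagToVersion(tag) {
  const m = /(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$/.exec(tag);
  return m ? m[1] : null;
}

// Versions published to the registry that have no matching tag in the repository.
function untaggedVersions(published, tags) {
  const tagged = new Set(tags.map(tagToVersion).filter(Boolean));
  return published.filter((v) => !tagged.has(v));
}

// Every installed copy of `pkg` in the lockfile, including copies nested under other packages.
function installedCopies(lock, pkg) {
  const suffix = "node_modules/" + pkg;
  return Object.entries(lock.packages || {})
    .filter(([path]) => path === suffix || path.endsWith("/" + suffix))
    .map(([path, meta]) => ({ path, version: meta.version }));
}

// Installed copies whose version was published without a repository tag.
function auditLockfile(lock, pkg, published, tags) {
  const suspect = new Set(untaggedVersions(published, tags));
  return installedCopies(lock, pkg).filter((c) => suspect.has(c.version));
}

console.log(auditLockfile(lockfile, "xrpl", registryVersions, repoTags));
```

Any build that resolved a flagged copy should be treated as having handled keys in an untrusted process, which is why key rotation accompanies the version cleanup.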
The breach comes at a sensitive time for Ripple. In January 2024, co-founder Chris Larsen lost $112 million in XRP to a thief who exploited the LastPass breach. After XRP surged 294% last year, that amount is now worth $449 million. DeFi running on XRP currently holds around $80 million in user deposits. All of this could be at risk if the backdoor has been active for a long time.
*This is not investment advice.