
While the XRP Ledger continues to evolve with new developments, one of its JavaScript libraries suffered a security vulnerability in a recent incident that could put the entire network at serious security risk.
Malicious code was found in some of the latest versions of the xrpl.js JavaScript library, a widely used tool for interacting with the XRP Ledger network. The library is maintained by the XRP Ledger Foundation and is the client recommended by Ripple for interacting with the XRP blockchain. The breach has since been fixed by the maintainers, and the repository has been updated with patched releases.
The vulnerability was first found by blockchain security firm Aikido Security, which identified a backdoor in versions 4.2.1 to 4.2.4 of the library. The breach could allow attackers to steal private keys and empty a user’s wallet. "This back door steals private keys and sends them to attackers," the Aikido team said, adding, "Affected versions 4.2.1 - 4.2.4, if you are using an earlier version, do not upgrade." According to Aikido Security malware researcher Charlie Erickson, this is a sophisticated supply chain exploit that likely involved the compromise of a Ripple employee's npm account under the username 'mukuljangid'. Erickson wrote in his analysis:
"The official XRPL (Ripple) npm package was compromised by sophisticated attackers who planted a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets." The rapid release of multiple compromised versions in a short time frame suggests that the attackers were testing methods to avoid detection. The purpose of the attack was to steal sensitive data such as private keys, wallet seeds, and mnemonics and transmit it to an attacker-controlled domain, 0x9c[.]xyz. Fortunately, the timely detection of the breach prevented wider distribution: the library sees over 140,000 weekly downloads, so many more users could have been victimized.
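For teams that consume this library, the two facts in the article that matter operationally are the affected version range (4.2.1 through 4.2.4) and the exfiltration domain (0x9c[.]xyz). The following Node.js script is an added defensive example, not code from the article, from Aikido Security, or from the xrpl.js project. It assumes the package is published on npm under the name `xrpl` and that dependencies are recorded in a `package-lock.json` with a `packages` map (lockfile version 2 or 3); the lockfile and proxy log lines embedded below are constructed sample data.

```javascript
// Added example (not from the article or the xrpl.js project).
// 1) Scan an npm lockfile for copies of the "xrpl" package (name assumed) whose
//    version falls in the range the advisory names, 4.2.1 through 4.2.4.
// 2) Scan outbound-connection log lines for the exfiltration domain 0x9c.xyz.

const AFFECTED_MIN = [4, 2, 1];
const AFFECTED_MAX = [4, 2, 4];
const EXFIL_DOMAIN = "0x9c.xyz"; // defanged in the article as 0x9c[.]xyz

// Parse "MAJOR.MINOR.PATCH" into numbers; a prerelease suffix such as
// "4.2.4-beta.1" is deliberately treated like its base version (conservative).
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v || ""));
  return m ? [Number(m[1]), Number(m[2]), Number(m[3])] : null;
}

function compareVersions(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  }
  return 0;
}

function isAffectedVersion(version) {
  const v = parseVersion(version);
  if (!v) return false;
  return compareVersions(v, AFFECTED_MIN) >= 0 && compareVersions(v, AFFECTED_MAX) <= 0;
}

// lockfile: the parsed package-lock.json. Entries are keyed by install path, so
// nested copies ("node_modules/foo/node_modules/xrpl") are checked as well.
function findAffectedXrpl(lockfile) {
  const hits = [];
  for (const [path, meta] of Object.entries(lockfile.packages || {})) {
    if (!path.endsWith("node_modules/xrpl")) continue;
    if (isAffectedVersion(meta.version)) hits.push({ path, version: meta.version });
  }
  return hits;
}

// Pull hostname-looking tokens out of a log line so that subdomains of the
// exfiltration domain are caught but lookalikes such as "foo0x9c.xyz" are not.
function extractHosts(line) {
  return (line.match(/[a-z0-9.-]+\.[a-z]{2,}/gi) || []).map((h) => h.toLowerCase());
}

function findExfilIndicators(logLines) {
  return logLines.filter((line) =>
    extractHosts(line).some((h) => h === EXFIL_DOMAIN || h.endsWith("." + EXFIL_DOMAIN))
  );
}

// Constructed sample data: one pinned compromised copy, one older nested copy.
const SAMPLE_LOCKFILE = {
  name: "wallet-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "wallet-app", dependencies: { xrpl: "^4.2.0" } },
    "node_modules/xrpl": { version: "4.2.3" },
    "node_modules/legacy-tool/node_modules/xrpl": { version: "4.1.0" },
    "node_modules/ws": { version: "8.18.0" },
  },
};

// Constructed sample proxy log; only the second line references the exfil domain.
const SAMPLE_LOG = [
  "2025-04-22T10:00:01Z CONNECT api.example.com:443 ok",
  "2025-04-22T10:00:02Z CONNECT 0x9c.xyz:443 ok",
  "2025-04-22T10:00:03Z CONNECT registry.npmjs.org:443 ok",
];

console.log("compromised xrpl copies:", findAffectedXrpl(SAMPLE_LOCKFILE));
console.log("exfil indicators:", findExfilIndicators(SAMPLE_LOG));

module.exports = { isAffectedVersion, findAffectedXrpl, findExfilIndicators };
```

Run it with `node` against a real lockfile by replacing `SAMPLE_LOCKFILE` with `JSON.parse(fs.readFileSync("package-lock.json"))`. A hit on the lockfile side means the affected release is pinned and should be replaced with a patched release; a hit on the log side means a host on the network already tried to reach the collection domain and the keys on that host should be treated as exposed.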