XRP Ledger avoids “catastrophic” attack that injected malicious code into the developer kit


By Hannah Pérez

The XRP ecosystem faced a potentially “catastrophic” hack after a malicious actor compromised a tool kit used by XRP Ledger developers.

***

  • Hacker injected malicious code into the XRP Ledger developer kit.
  • The threat, which could have led to a “catastrophic” attack, was discovered and repaired in time.
  • The attack could have stolen private keys, putting wallets at risk.
  • Vulnerability compromised recent versions of the JavaScript library.

A potentially “catastrophic” problem has been corrected on the XRP Ledger blockchain after attackers injected malicious code into a key library used by developers on Ripple's network.

The security team at Aikido Security was the first to discover and report the problem. Before a patch was released, it said the flaw would have allowed attackers to steal private keys, putting cryptocurrency wallets at risk, which could have led to a broader, significant attack across the XRP ecosystem.

The malicious code was injected specifically into recent versions of a new tool kit used by software developers to create applications that work with or on XRP Ledger.

In particular, hackers obtained access to a Node Package Manager (NPM) token belonging to developers, which allowed them to publish compromised versions of xrpl.js, the official JavaScript library for interacting with XRP Ledger.

“We quickly confirmed that the official XRPL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets,” wrote Charlie Eriksen, a researcher at Aikido Security, in a blog post.

This package is used by hundreds of thousands of applications and websites, which makes this a potentially catastrophic supply chain attack on the cryptocurrency ecosystem.

XRP Ledger tool kit compromised

With more than 140,000 weekly downloads, the package is widely integrated into hundreds of thousands of applications and websites, which raised concerns about the potential scale of the breach. The researcher said the malicious code was detected on April 21, when Aikido's monitoring system flagged five package versions as suspicious.

The problem only affected the most recent versions on NPM, a site where developers share reusable code for projects, which means that only third-party applications or services that installed the faulty versions during a short window could be at risk. The compromised versions of xrpl.js were v4.2.1 through v4.2.4 and v2.14.2.

Major XRP-related services, such as the Xaman Wallet and the XRP Ledger transaction tracking site XRPScan, said in separate posts that they had not been affected.

The XRP Ledger Foundation team, which quickly resolved the problem by releasing updated versions, clarified that the vulnerability was in the JavaScript library and does not affect the XRP Ledger core codebase or the GitHub repository itself.

“Projects using xrpl.js must update to v4.2.5 immediately,” the foundation posted separately.

A JavaScript library is a collection of pre-written code that simplifies tasks in web development. A GitHub repository is an online storage space for a project's code, files and history, hosted on GitHub.

While the hacker's identity is still unknown, Aikido Security hinted that it has leads under investigation. It said it will reveal more information as soon as it confirms its suspicions about those responsible.


Hannah Estefanía Pérez / Diariobitcoin
