Ripple NPM supply chain attack hunts for private keys – Source: go.theregister.com https://ciso2ciso.com/ripple-npm-supply-chain-attack-hunts-for-private-keys-source-go-theregister-com/ #rssfeedpostgeneratorecho #TheRegisterSecurity #CyberSecurityNews #TheRegister #Ripple

One of the most downloaded XRP libraries on npm was backdoored to steal private keys — and most developers didn’t see it coming.

Ripple’s `xrpl.js` library was compromised in a sophisticated supply chain attack that inserted a malicious function to exfiltrate crypto wallet secrets to an external domain.

What happened:
- The backdoor was added in npm versions 4.2.1 through 4.2.4 and 2.14.2
- Malicious code was introduced via a compromised Ripple developer’s npm account
- The attacker used a function called `checkValidityOfSeed` to quietly steal private keys
- The GitHub repo was untouched — only the npm package was altered
- Updated safe versions: 4.2.5 and 2.14.3

With nearly 3 million total downloads and 135K+ weekly users, this was a high-value target — and a clear reminder of just how fragile open-source dependencies can be in the Web3 ecosystem.

Security reminders for devs working in crypto or blockchain:
- Rotate secrets if you used affected versions
- Always lock package versions in production
- Set up alerts for unusual package versioning behavior
- Use 2FA and scoped tokens on npm accounts
- Treat libraries like any other third-party threat surface

This wasn’t a bug. It was a breach — inside the supply chain. And it could have quietly drained wallets at scale.

In Web3, your dependencies are your perimeter.

Urgent: xrpl.js library compromised; XRP wallet seeds stolen via malicious code. #XRP #Ripple #CryptoSecurity

More details: https://www.bleepingcomputer.com/news/security/ripples-recommended-xrp-library-xrpljs-hacked-to-steal-wallets - https://www.flagthis.com/news/13715

#Ripple's recommended #XRP library #xrpljs hacked to steal wallets

https://www.bleepingcomputer.com/news/security/ripples-recommended-xrp-library-xrpljs-hacked-to-steal-wallets/

The popular xrpl.js #Ripple #cryptocurrency library was compromised in a supply chain attack
https://securityaffairs.com/176844/hacking/the-xrpl-js-ripple-cryptocurrency-library-was-compromised-in-a-supply-chain-attack.html
#securityaffairs #hacking

XRP Lawsuit Dismissal May Delay, Ex-SEC Says Despite Paul Atkins’ US SEC Entry - The speculations on a sooner-than-expected XRP lawsuit dismissal have soared as Paul Atki... - https://coingape.com/xrp-lawsuit-dismissal-may-delay-ex-sec-says-despite-paul-atkins-us-sec-entry/ #24/7cryptocurrencynews #ripplelawsuit #xrplawsuit #ripple #xrp

Analyst Predicts XRP Price Rally To $2.70 Looms As Ripple Network Activity Jumps 70% - A renowned crypto market analyst has predicted that XRP price is eyeing a rally to $2.70 ... - https://coingape.com/analyst-predicts-xrp-price-rally-to-2-70-looms-as-ripple-network-activity-jumps-70/ #24/7cryptocurrencynews #altcoinnews #xrpprice #ripple #xrp

Circle Launches Payments Network To Compete With Ripple - Circle has rolled out its Circle Payments Network (CPN), designed to change the landscape... - https://coingape.com/circle-launches-payments-network-to-compete-with-ripple/ #24/7cryptocurrencynews #stablecoins #circle #ripple

https://www.europesays.com/2015289/  South Korea prefers Ripple’s XRP to Bitcoin #bitcoin #ripple #SouthKorea

XRP Usage Soars in Latin America – Is $10 XRP Incoming? - The price of XRP has risen by 4% in the past 24 hours, with its move to $2.13 comi... - https://cryptonews.com/news/xrp-usage-soars-in-latin-america-is-10-xrp-incoming/ #priceprediction #priceanalysis #ripple #xrp

John Deaton Expresses Surprise At Ripple’s Exclusion As Crypto Firms Look To Apply For Bank Licenses - Former Senatorial candidate and pro-XRP lawyer John Deaton has commented on a recent repo... - https://coingape.com/john-deaton-expresses-surprise-at-ripples-exclusion-as-crypto-firms-look-to-apply-for-bank-licenses/ #24/7cryptocurrencynews #johndeaton #coinbase #circle #ripple #bitgo

Hidden Road Broker Deal: Ripple Executive Explains The Role of XRPL - Ripple’s XRP Ledger (XRPL) is poised to take center stage in the Hidden Road broker deal.... - https://coingape.com/hidden-road-broker-deal-ripple-executive-explains-the-role-of-xrpl/ #24/7cryptocurrencynews #hiddenroad #ripple #xrpl

Expert Reveals Why BlackRock Hasn’t Pushed for an XRP ETF - With Ripple’s XRP lawsuit settlement finally in place, the crypto community is abuzz with... - https://coingape.com/expert-reveals-why-blackrock-hasnt-pushed-for-an-xrp-etf/ #24/7cryptocurrencynews #blackrocketf #altcoinnews #ripple #xrpetf

https://www.europesays.com/2013967/ Crypto Price Today: Bitcoin Mints Profits to Trade at $87,300, Altcoins Show Mixed Movements  #BinanceCoin #BinanceUsd #bitcoin #BitcoinCash #BitcoinPriceTodayProfitsUsd87300AltcoinsSolanaDogecoinCardanoLossesCryptoMarket Cryptocurrency #braintrust #Cardano #cartesi #CircuitsOfValue #crypto #cryptocurrency #Dash #Dogecoin #Ether #Flex #KishuInu #litecoin #monero #polkadot #polygon #qutm #ripple #ShibaInu #Solana #Tether #tron #uniswap #UsdCoin #WrappedBitcoin #zcash

Ripple (XRP) Price Predicted to hit $3.10 if Trump Sacks Jerome Powell in 2025 - XRP price holds at $2.08 as Trump eyes Powell’s removal; traders brace for volatility whi... - https://coingape.com/markets/ripple-xrp-price-predicted-to-hit-3-10-if-trump-sacks-jerome-powell-in-2025/ #priceanalysis #ripple #xrp

XRP ETF Approval Could Spark a ‘Perfect Storm’ for Ripple Coin: Expert - As the Ripple community eagerly awaits the XRP ETF launch, all eyes are on its potential ... - https://coingape.com/xrp-etf-approval-could-spark-a-perfect-storm-for-ripple-coin-expert/ #24/7cryptocurrencynews #altcoinnews #ripple #xrpetf

XRP Price Holds $2.08 Amid Derivatives Surge and Liquidation Risks - XRP price hovers above $2.08 as traders weigh conflicting signals from spot and derivativ... - https://coingape.com/markets/xrp-price-holds-2-08-amid-derivatives-surge-and-liquidation-risks/ #priceanalysis #xrpprice #ripple #xrp

XRP Price History Signals July As The Next Bullish Month - Based on historical data, July could be the next bullish month for the XRP price, ... - https://coingape.com/xrp-price-history-signals-july-as-the-next-bullish-month/ #24/7cryptocurrencynews #altcoinnews #xrpprice #ripple #xrp

Ripple CEO Brad Garlinghouse Drives XRP’s Global Expansion; Know How - Ripple CEO Brad Garlinghouse has been instrumental in shaping the narrative and future of... - https://coingape.com/ripple-ceo-brad-garlinghouse-drives-xrps-global-expansion-know-how/ #24/7cryptocurrencynews #bradgarlinghouse #altcoinnews #ripple #xrp

HashKey Capital to Debut Asian XRP Tracker Fund With Ripple as Anchor Investor - HashKey Capital announced what it says is the first investment fund in Asia designed to t... - https://www.coindesk.com/business/2025/04/18/hashkey-capital-to-debut-asian-xrp-tracker-fund-with-ripple-as-anchor-investor #hongkong #finance #hashkey #ripple #news #xrp