
In less than three months, the blockchain that powers one of the biggest crypto assets by market capitalization, XRP, was hit with another blow as a potential attack vector was discovered.
Aikido, a security platform for developers, said that the NPM package for the XRP Ledger (XRPL), which powers the XRP token, was compromised by the addition of a backdoor designed to steal crypto private keys and gain access to wallets.
"This package is used by hundreds of thousands of applications and websites, making it a potentially catastrophic supply chain attack on the cryptocurrency ecosystem," Charlie Eriksen, a malware researcher at Aikido, emphasized.
He said they've found five new package versions of the XRPL package, released by user mukulljangid, that don't match the official releases on the GitHub platform.
Per the investigation, these new packages contained "odd code" that calls the 0x9c[.]xyz domain, registered only in January 2025, and is designed to steal private keys as soon as a new wallet is created in code.
According to Eriksen, the attacker was actively trying different ways to insert the backdoor while remaining as hidden as possible.
"Going from manually inserting the backdoor into the built JavaScript code, to putting it into the TypeScript code and then compiling it down into the built version," he said. The researcher urged users to inspect their network logs for outbound connections to the 0x9c[.]xyz domain if they believe they may have installed any of those malicious packages during the timeframe between 21st Apr, 20:53 GMT+0 and 22nd Apr, 13:00 GMT+0.
"If you believe that you may have been impacted, it's important to assume that any seed or private key that was processed by the code has been compromised," Eriksen added.
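The log check Eriksen recommends, sketched as an added example (not code from Aikido or the XRPL project): a hostname-aware search that flags the domain and its subdomains while ignoring look-alike names. The log format, client addresses, times and URL path in the sample are constructed, and the function names are this example's own.

```javascript
// Added example: search proxy/DNS log text for the domain named in the article.
// The article prints the domain defanged; refang it for matching.
const IOC_DOMAIN = "0x9c[.]xyz".replace("[.]", ".");

// Pull every hostname-like token (labels joined by dots) out of a log line.
// Lower-casing handles mixed-case DNS names; a trailing root dot is not captured.
function hostnameTokens(line) {
  return line.toLowerCase().match(/[a-z0-9_-]+(?:\.[a-z0-9_-]+)+/g) || [];
}

// True for the domain itself or any subdomain of it, and nothing else.
function isIocHost(host) {
  return host === IOC_DOMAIN || host.endsWith("." + IOC_DOMAIN);
}

// Scan log text and return one record per line that names the domain.
function findIocHits(logText) {
  const hits = [];
  logText.split(/\r?\n/).forEach((line, i) => {
    const hosts = [...new Set(hostnameTokens(line).filter(isIocHost))];
    if (hosts.length > 0) hits.push({ lineNo: i + 1, hosts, line: line.trim() });
  });
  return hits;
}

// Constructed sample lines: format, clients, times and path are made up.
const SAMPLE_LOG = [
  "09:14:03 client=10.0.0.5 CONNECT 0x9c.xyz:443",
  "09:14:04 client=10.0.0.5 query A 0X9C.XYZ.",
  "09:15:10 client=10.0.0.7 GET https://api.0x9c.xyz/constructed-path",
  "09:16:00 client=10.0.0.8 CONNECT registry.npmjs.org:443",
  "09:17:22 client=10.0.0.9 CONNECT not0x9c.xyz:443",          // look-alike, no hit
  "09:18:40 client=10.0.0.9 CONNECT 0x9c.xyz.example.com:443", // different domain, no hit
].join("\n");

// Report which lines (and therefore which clients) need follow-up.
for (const hit of findIocHits(SAMPLE_LOG)) {
  console.log(`line ${hit.lineNo}: ${hit.hosts.join(", ")} | ${hit.line}`);
}
```

Any client that appears in a hit should be treated as described in the next paragraph of the article: every seed or private key it processed is assumed compromised.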
Meanwhile, the XRP Ledger Foundation, which oversees development of the XRPL ecosystem, confirmed it has published an updated NPM package to remove the compromised version.
As reported by Cybernews.com, in February 2025, XRPL went down for 64 minutes, stopping transaction processing and leaving the blockchain's developers perplexed as to what caused it. It was also revealed that the network responsible for securing XRP, which now boasts a market capitalization of $130 billion, had only 35 nodes that validate, relay, and process transactions, helping maintain the ledger.
As with the previous incident, XRP traders seem unfazed by the discovered vulnerability, as the price of the fourth-largest token by market capitalization is up 7% in a day.