ETHSecurity Community

🚨 Crypto Devs, Watch Out!

Ripple's xrpl.js library was backdoored to steal private keys! Over 2.9M downloads, 135K devs at risk.

🗓️ Malicious versions: 4.2.1–4.2.4, 2.14.2
🛡️ Safe versions: 4.2.5, 2.14.3
👤 Hacker hijacked a Ripple dev's npm account on April 21, 2025.

🔗 Learn more:

🚨 Crypto Devs, Watch Out!

Ripple's xrpl.js library was backdoored to steal private keys! Over 2.9M downloads, 135K devs at risk.

🗓️ Malicious versions: 4.2.1–4.2.4, 2.14.2
🛡️ Safe versions: 4.2.5, 2.14.3
👤 Hacker hijacked a Ripple dev's npm account on April 21, 2025.

🔗 Learn more: https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html