Critical Vulnerability in XRP Ledger: “Backdoor” Threatens User Wallets
The XRP Ledger Foundation announced the discovery of a serious security vulnerability in the xrpl.js JavaScript library – a key tool that supports interactions with the XRP Ledger network. This vulnerability potentially allows hackers to steal private keys, compromise user wallets, and cause huge financial losses to the cryptocurrency ecosystem.
4/24/2025


Detect dangerous malware
The vulnerability was discovered by Charlie Eriksen, a security expert from Aikido Security, in the latest versions of xrpl.js, a library that is downloaded more than 140,000 times per week and used by thousands of applications in the XRP ecosystem. According to Eriksen, malicious code embedded in the library can open a “backdoor” that facilitates supply chain attacks. Hackers can exploit the vulnerability to control applications that integrate the library, thereby stealing private keys and gaining unauthorized access to user wallets.
The vulnerability only affects users who have updated to the infected versions (from v4.2.1 to v4.2.4 and v2.14.2) via Node Package Manager (NPM). Fortunately, several major services such as Xaman Wallet, First Ledger, Gen3 Games, and XRPScan have confirmed that they are not affected by the issue.
Prompt corrective action
Shortly after the discovery, the XRP Ledger Foundation released a patched version, v4.2.5, which overwrites the compromised code packages. The organization urged users and projects using the xrpl.js library to update immediately to protect their assets. Additionally, those using the affected versions are advised to stop using their current private keys and transfer their assets to a new wallet to avoid risks.


Market impact and reaction
Despite the security incident, XRP price has recorded an 8% increase in the past 24 hours, thanks to the general recovery trend of the cryptocurrency market. In particular, after President Donald Trump's election victory, XRP has grown impressively by more than 300%, prompting asset managers to call on the US Securities and Exchange Commission (SEC) to approve an XRP ETF. At the same time, Coinbase's listing of XRP futures in April 2025 has opened up more opportunities for investors, strengthening XRP's position in the market.
To ensure safety, users need to:
Update the xrpl.js library to version v4.2.5 now.
If you have used the infected versions, immediately stop using your current private keys and transfer your assets to a new wallet.
Follow the official announcement from the XRP Ledger Foundation for updates.
The security breach in the xrpl.js library is a warning about the potential risks in open source tools, especially in the blockchain space. The XRP Ledger Foundation’s quick response helped mitigate the potential damage, but the incident underscores the importance of source code audits and security awareness. As XRP enjoys positive market momentum, ensuring the security of the ecosystem will be key to maintaining the trust of the community and investors.
HOLD Coin CVenture
A news and analysis platform focused on evaluating the crypto market, tailored for long-term investors.