XRP Ledger Compromised? Validator Warns Projects And Developers Of Critical Issues


An XRP Ledger (XRPL) validator has warned projects and developers that the network is compromised. He revealed some critical issues on the network, which put users and their funds at risk of an exploit. 

Validator Warns That XRP Ledger is Compromised

In an X post, XRP Ledger validator Vet told the network’s developers and projects that use the xrpl.js library not to update to or use any version 4.2.1 or higher, as it has been compromised. He remarked that any project utilizing the newest version of the library is putting users and funds at risk of an attack from hackers.

Vet’s warning was in response to a post by Aikido Security, which stated that it had discovered a backdoor in the official XRP Ledger NPM package. The blockchain security firm added that this backdoor steals private keys and sends them to attackers. The affected versions are 4.2.1 and 4.2.4, so developers and projects should not upgrade to these versions.

Ripple Chief Technology Officer (CTO) David Schwartz also commented on the Ledger situation, noting that it was just the XRPL.js from NPM that was compromised. He also alluded to a post by Ripple senior software engineer Mayukha Vadari. Vadari mentioned that the Ledger itself is unaffected by the malware. 

The engineer confirmed that the malware packages only affected services that use xrpl.js and were upgraded to the malicious versions that were published about a day ago. He added that GitHub remains safe, as only npm has been compromised. Vadari urged users to avoid services that have access to their private keys and seed phrases until they have confirmed that these services are unaffected by this malware. 

XRPL Foundation Provides Update 

The XRP Ledger Foundation also provided an update on the malware situation. In an X post, the Foundation clarified that the vulnerability is in xrpl.js, a JavaScript library for interacting with the XRPL. They further stated that the vulnerability does not affect the network’s codebase or the GitHub repository itself. Meanwhile, the Foundation urged projects using xrpl.js to upgrade to v4.2.5 immediately. 

The XRP Ledger Foundation also confirmed in the thread that it had deprecated the compromised xrpl.js versions on npm. They mentioned that they will share a detailed post-mortem soon and again urged projects and developers to ensure that they are using versions 4.2.5 or 2.14.3. 

In another X post, the Foundation announced that it has published an updated npm package for users of the 2.14.x branch to remove the previously compromised version. They asked these XRP Ledger users to update immediately to version 2.14.3 to prevent an attack. 
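
The version guidance above, as an added example (not code from Aikido Security, Ripple or the XRPL Foundation): a Node.js check that walks a parsed `package-lock.json` and flags `xrpl` entries from 4.2.1 up to, but not including, the fixed 4.2.5, or on the 2.14.x branch below 2.14.3. The article does not name the compromised 2.14.x release, so anything under 2.14.3 is marked for upgrade rather than as compromised; the sample lockfile and its other package names are constructed.

```javascript
// Added example: flag the xrpl.js versions named in the article inside a parsed package-lock.json.
// Thresholds come from the article: avoid 4.2.1 and higher until the fixed 4.2.5; 2.14.x is fixed in 2.14.3.
const AVOID_FROM = [4, 2, 1], FIXED_4X = [4, 2, 5], FIXED_2_14 = [2, 14, 3];

function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

function cmp(a, b) {
  for (let i = 0; i < 3; i++) if (a[i] !== b[i]) return a[i] < b[i] ? -1 : 1;
  return 0;
}

function classify(version) {
  const v = parseVersion(version);
  if (!v) return "unparsed";
  if (cmp(v, AVOID_FROM) >= 0 && cmp(v, FIXED_4X) < 0) return "avoid";
  // The article does not name the compromised 2.14.x release, so this is advice, not a verdict.
  if (v[0] === 2 && v[1] === 14 && cmp(v, FIXED_2_14) < 0) return "upgrade-to-2.14.3";
  return "ok";
}

function findXrpl(lock) {
  const hits = [];
  const add = (path, meta) => hits.push({ path, version: meta.version, status: classify(meta.version) });
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/xrpl" || path.endsWith("/node_modules/xrpl")) add(path, meta);
  }
  // lockfileVersion 1: nested "dependencies" tree (skipped when "packages" exists, to avoid duplicates).
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "xrpl") add(path, meta);
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; package names other than xrpl are hypothetical.
const sampleLock = { lockfileVersion: 3, packages: {
  "node_modules/xrpl": { version: "4.2.4" },
  "node_modules/legacy-tool/node_modules/xrpl": { version: "2.14.1" },
  "node_modules/xrpl-helper": { version: "1.0.0" },
} };
console.log(findXrpl(sampleLock));
```

To audit a real project, pass `findXrpl` the result of `JSON.parse` on that project's `package-lock.json`; transitive copies nested under other packages are reported with their install path.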

XRP trading at $2.2 on the 1D chart | Source: XRPUSDT on Tradingview.com
