Netvora logo
Submit Startup Subscribe
Home About Contact Submit Startup Subscribe

XRP Ledger NPM Package Caught Stealing Crypto: Major Supply Chain Backdoor Uncovered

Comment

XRP Ledger NPM Package Caught Stealing Crypto: Major Supply Chain Backdoor Uncovered

Netvora Editorial April 23, 2025 at 11:55 AM WebDev
XRP Ledger NPM Package Caught Stealing Crypto: Major Supply Chain Backdoor Uncovered


🚨 XRP Ledger NPM Package Caught Stealing Crypto: Major Supply Chain Backdoor Uncovered

Tuesday, April 22, 2025 — 15:56 | By Netvora Editorial Staff | 0 Comments

A major supply chain attack has hit the JavaScript ecosystem. A backdoor has been discovered in the official XRP Ledger NPM package, a module that receives nearly 144,000 downloads per week and is widely used by crypto and web applications to integrate with the XRP Ledger.

According to security researchers at Aikido Security, multiple compromised versions of the package were published to the NPM registry and included a malicious backdoor that steals users’ private keys — effectively granting attackers access to cryptocurrency wallets.

“This package is used by hundreds of thousands of apps and websites. That makes this a potentially catastrophic attack on the entire crypto ecosystem,” said Aikido’s researchers.

🕵️‍♂️ What Happened?

Attackers managed to publish five malicious versions of the XRP Ledger package to the NPM Registry:

Each of these versions contains code that captures and exfiltrates private keys from developers or end users running the infected apps.

The XRP Ledger Foundation has urged all users and developers to immediately upgrade to version 4.2.5, which they claim is clean and free of the backdoor.

🔐 How Did It Happen?

At the time of publishing, it’s still unknown how the attackers managed to push these malicious versions under the official XRP Ledger package name. The maintainers have promised a full post-mortem explaining the breach and steps being taken to prevent future incidents.

NPM (Node Package Manager) is the default package manager for Node.js and one of the largest software registries in the world. Its open nature makes it powerful — but also vulnerable to supply chain attacks like this one.

🚨 Why This Matters

This is not just another NPM mishap. This is a real-world crypto heist hidden in plain sight — and it highlights the growing risk of supply chain attacks on open-source infrastructure.

With the explosion of crypto-integrated apps and web3 tooling built on Node.js, this breach could have long-term consequences across both DeFi and traditional platforms that touch the XRP Ledger.

Have you been affected or noticed unusual wallet activity tied to XRP Ledger packages?

Contact Netvora’s team confidentially at

Comments (0)

Leave a comment

Back to homepage

You might also like