Ripple’s xrpl.js npm Package Compromised in Supply Chain Attack
On April 21, 2025, a supply chain attack hit xrpl.js, Ripple's official JavaScript library for interacting with the XRP Ledger and one of the most widely used packages in the XRP ecosystem (over 2.9 million total downloads and more than 135,000 downloads per week on npm). Malicious versions of the package were published to the npm registry containing a backdoor that steals cryptocurrency private keys and wallet seeds from any application that loads them.
Overview
An attacker published five malicious versions of xrpl.js (4.2.1, 4.2.2, 4.2.3, 4.2.4 and 2.14.2) under the npm account mukulljangid, a legitimate maintainer account rather than a look-alike package, so the releases appeared authentic to anyone checking the publisher. The versions had no corresponding release in the project's GitHub repository; that mismatch between registry and source is a useful signal in cases like this.
The unauthorized versions contained obfuscated code that exfiltrated private keys and wallet seeds to an attacker-controlled server. Any wallet whose seed passed through an affected version should be treated as compromised, since the attacker can sign transactions with it.
Ripple's Response
Ripple deprecated the compromised versions and released patched versions (4.2.5 on the 4.x line and 2.14.3 on the 2.x line); the malicious versions have since been removed from npm.
Major XRP-related services, such as Xaman Wallet and XRPScan, reported that they were not affected because they did not ship the compromised versions.
Recommendations for Developers
Audit Dependencies: Check whether any project, including transitive dependencies pulled in by other packages, resolves xrpl.js to a malicious version (4.2.1 through 4.2.4 or 2.14.2), and upgrade to a patched version (4.2.5 or 2.14.3). Look at the lockfile and the installed node_modules tree, not just package.json, because a range such as ^4.2.0 could have resolved to a bad version at install time.
Rotate Credentials: If a compromised version ran with access to a seed or private key, treat that key as stolen. On the XRP Ledger that means moving funds to a freshly generated account, or setting a regular key and disabling the master key, rather than simply reinstalling the library.
Enhance Monitoring: Use tooling that alerts on dependency changes (new versions, new publishers, unexpected maintainers) and watch for anomalous behaviour in applications, such as outbound network connections that a ledger client has no reason to make.
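To make the dependency audit concrete, here is an added example (not code from Ripple or the xrpl.js project) that scans a package-lock.json for the npm package xrpl (the registry name of xrpl.js) and reports any resolved version from the list above, including copies nested under other dependencies. It handles both the flat "packages" map of lockfile version 2 and 3 and the nested "dependencies" tree of version 1. The sample lockfile is constructed for the demonstration; the version lists are the ones named in this advisory.

```javascript
// Added example: audit a package-lock.json for compromised xrpl (xrpl.js) versions.
// Version lists are taken from the advisory above; the lockfile below is constructed sample data.
const COMPROMISED = new Set(['4.2.1', '4.2.2', '4.2.3', '4.2.4', '2.14.2']);
const PATCHED = { '4': '4.2.5', '2': '2.14.3' }; // patched release per major line

// Collect every resolved copy of "xrpl", wherever it sits in the install tree.
function collectXrplVersions(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path, e.g. "node_modules/a/node_modules/xrpl"
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === 'node_modules/xrpl' || path.endsWith('/node_modules/xrpl')) {
        found.push({ path, version: meta.version });
      }
    }
    return found;
  }
  // lockfileVersion 1: nested "dependencies" objects, walked recursively
  const walk = (deps, prefix) => {
    if (!deps) return;
    for (const [name, meta] of Object.entries(deps)) {
      const path = `${prefix}node_modules/${name}`;
      if (name === 'xrpl') found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, '');
  return found;
}

// Annotate each copy with whether it is a known-bad version and which release to move to.
function auditLockfile(lock) {
  return collectXrplVersions(lock).map(({ path, version }) => {
    const compromised = COMPROMISED.has(version);
    return {
      path,
      version,
      compromised,
      recommended: compromised ? PATCHED[version.split('.')[0]] || null : null,
    };
  });
}

function hasCompromisedXrpl(lock) {
  return auditLockfile(lock).some((entry) => entry.compromised);
}

// Constructed sample: a v3 lockfile where the app's own xrpl resolved to a bad version
// and a second, patched copy is nested under another dependency.
const SAMPLE_LOCK = {
  name: 'demo-app',
  lockfileVersion: 3,
  packages: {
    '': { name: 'demo-app', dependencies: { xrpl: '^4.2.0', 'some-sdk': '1.0.0' } },
    'node_modules/xrpl': { version: '4.2.3' },
    'node_modules/some-sdk': { version: '1.0.0' },
    'node_modules/some-sdk/node_modules/xrpl': { version: '2.14.3' },
  },
};

for (const entry of auditLockfile(SAMPLE_LOCK)) {
  const status = entry.compromised ? `COMPROMISED, upgrade to ${entry.recommended}` : 'ok';
  console.log(`${entry.path}@${entry.version}: ${status}`);
}
```

Run it against a real lockfile by replacing SAMPLE_LOCK with JSON.parse of the file contents. A quick cross-check from the command line is npm ls xrpl, which prints every copy in the installed tree; the script above is useful where installs happen in CI and only the lockfile is at hand.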
Lesson Learned
Supply chain attacks, in which malicious code is introduced into trusted software components, are becoming more sophisticated and more common, and this one shows why a trusted publisher name is not enough: the package, the account and the registry were all the real ones. Developers and organizations should pin and lock dependency versions, review dependency updates before adopting them, verify that registry releases match the project's source repository, monitor installed packages automatically, and build a culture of security awareness within development teams.
By staying informed and proactive, we can collectively strengthen the security of the software supply chain and protect the integrity of the cryptocurrency ecosystem.