{ads}

Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack

Written By Wednesday, 23 April 2025 Add Comment



April 23, 2025 at 12:47PM

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3.

from The Hacker News https://ift.tt/JKc5lHS

0 Response to "Ripple's xrpl.js npm Package Backdoored to Steal Private Keys in Major Supply Chain Attack"

Post a Comment

Subscribe to: Post Comments (Atom)

Article Top Ads

Central Ads Article 1

Middle Ads Article 2

Article Bottom Ads