An XRP Ledger (XRPL) The validator warned projects and developers to compromise the network. He announced some critical network issues, which put users and their funds at risk of an exploitation.
Validator warns that XRP Ledger is compromised
In a X postThe XRP Ledger Validator Vet told network developers and projects using the XRPL JS Library not to update or use any version 4.2.1 or higher, as it was compromised. He said that any project that uses the Latest version of XRPL is putting users and funds at risk of an attack from hackers.
Vet's warning was in response to an Aikido Security post, in which they said they discovered a backdoor in the official package of XRP Ledger NPM. The blockchain security firm added that the back of this door steals private keys and sends it to the attacks. The affected versions are 4.2.1 and 4.2.4, so developers and projects should not upgrade these versions.
Ripple Chief Technology Officer (CTO) David Schwartz It also commented on the ledger situation, noting that it was the XRPL.JS from the NPM compromised. He also posted a post by Ripple Senior Software Engineer Mayukay Vadari. Vadari noted that the ledger itself was not affected by malware.
Engineer confirmed that malware packages only affect services that use XRPL.JS and that upgrade to malicious versions that have been published about a day ago. He added that the github remains safe, as only the NPM is compromised. Vadari urged users to avoid services with access to their private keys and seed phrases until they confirmed that these services were not affected by this malware.
XRPL Foundation provides updating
The XRP Ledger Foundation Also provided updates on the malware situation. In an X post, the foundation clarified that the weakness was at XRPL.JS, a JavaScript library for interacting with XRPL. They further said that weakness does not affect the network's codebase or the repository of the GitHub itself. Meanwhile, the foundation urged projects using XRPL.JS to upgrade to V4.2.5 immediately.
The XRP Ledger Foundation also confirmed in the thread that it removed the compromised versions of XRPL.JS to NPM. They noted that they would share a detailed post-mortem soon and re-drive projects and developers to ensure they use versions 4.2.5 or 2.14.3.
In another X post, the Foundation announced that it published an updated NPM package for users of 2.14.X branch to remove the previously compromised version. They asked this XRP Ledger Users will update immediately to version 2.14.3 to avoid an attack.
Featured image from YouTube, chart from tradingview.com
Editorial process For Bitcoinist centered on delivering thoroughly researched, accurate, and unbiased content. We promote strict sources of sourcing, and each page undergoes our team's enthusiastic examination of the leading technology experts and timely editors. This process ensures the integrity, relevance, and value of our content for our readers.
