XRP Price Climbs Despite Major Breach in XRP Ledger’s Official JavaScript Library
加密追踪者
04-23 21:43
Today, XRP price has continued to rise despite a significant security breach involving one of XRP Ledger's JavaScript libraries.

Today, XRP maintained its uptrend despite a significant security breach involving one of XRP Ledger’s JavaScript libraries. 

Blockchain security firm Aikido identified the hack, revealing that a sophisticated attack had compromised the XRPL package on NPM. The affected releases appeared official but were not reflected in GitHub’s official release history. The compromise exposed users to confirmed theft of private keys and compromised wallets.

The official XRP Ledger foundation account on X confirmed the development. 

Earlier today, a security researcher from @AikidoSecurity identified a serious vulnerability in the xrpl npm package (v4.2.1-4.2.4 and v2.14.2).

We are aware of the issue and are actively working on a fix.

A detailed post-mortem will follow.

— XRP Ledger Foundation (Official) (@XRPLF) April 22, 2025

XRP Price Remains Resilient

Despite the serious security incident, XRP’s price has shown resilience. As of today, XRP is trading at $2.27, reflecting a notable 8.14% increase in the last 24 hours and a 9.66% rise over the past seven days.

Before today, XRP had consolidated in the $2.00 to $2.14 range over the previous weeks. This surge in price suggests that market participants have not been significantly deterred by the security breach. Notably, the XRP uptrend aligns with the broader market recovery led by Bitcoin.

Security Breach in NPM Package

For context, Aikido researchers found that the malicious actors had inserted a backdoor into versions 4.2.1 to 4.2.4 and 2.14.2 of the XRPL NPM package. The package is widely used across numerous applications and websites, which made it a potential target for a massive supply chain attack.

The backdoor allowed attackers to capture private keys from cryptocurrency wallets. Aikido confirmed that attackers were able to steal the keys and send them to a designated external domain, 0x9c.xyz.

The vulnerability was traced to a compromised NPM account with publish access to the official XRP Ledger package, associated with the username ‘mukulljangid’.

This compromise allowed the backdoor to be published in the package, putting thousands of crypto users at risk.

Immediate Action and Recommendations

Following the discovery of the attack, Aikido issued urgent recommendations for users. They advised users to stop using versions 4.2.1 to 4.2.4 and 2.14.2 immediately and to rotate private keys and seed phrases to prevent any ongoing theft.

Researchers also recommended scanning network logs for connections to the malicious domain, 0x9c.xyz, as a precaution. Furthermore, Aikido emphasized the need to upgrade to the newly patched versions: 4.2.5 and 2.14.3, to ensure continued security and minimize further risks.
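
The version check and log scan recommended above, sketched in JavaScript as an added example (not code from Aikido or the XRP Ledger project). The affected versions and the domain come from the article; the function names, the sample lockfile and the sample log lines are constructed for illustration, and the caller is assumed to supply an already-parsed `package-lock.json`.

```javascript
// Versions and domain come from the article; the sample data below is constructed.
const COMPROMISED = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"]);
const EXFIL_DOMAIN = "0x9c.xyz";

// Return [{ path, version }] for each compromised xrpl install in a parsed lockfile.
function findCompromisedXrpl(lock) {
  const hits = [];
  const check = (name, path, version) => {
    if (name === "xrpl" && COMPROMISED.has(version)) hits.push({ path, version });
  };
  // lockfileVersion 2/3: flat "packages" map keyed by install path; "name" is
  // set only when the folder name differs from the package name (npm aliases).
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    check(meta.name || path.split("node_modules/").pop(), path, meta.version);
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      check(name, `${prefix}node_modules/${name}`, meta.version);
      walk(meta.dependencies, `${prefix}node_modules/${name}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Return log lines naming the domain or a subdomain of it, skipping lookalikes
// such as "0x9c.xyz.example.net" or "not0x9c.xyz".
function findExfilLines(logText) {
  const host = EXFIL_DOMAIN.replace(/\./g, "\\.");
  const re = new RegExp(`(^|[^a-z0-9-])([a-z0-9-]+\\.)*${host}(?!\\.?[a-z0-9-])`, "i");
  return logText.split(/\r?\n/).filter((line) => re.test(line));
}

// Constructed lockfile: patched direct install, nested install, aliased install.
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-wallet", version: "1.0.0" },
  "node_modules/xrpl": { version: "4.2.5" },
  "node_modules/pay-widget/node_modules/xrpl": { version: "4.2.3" },
  "node_modules/ledger-lib": { name: "xrpl", version: "2.14.2" },
} };
// Constructed DNS/proxy log lines.
const sampleLog = [
  "2025-04-22T10:01:02Z dns A registry.npmjs.org",
  "2025-04-22T10:01:09Z dns A 0x9c.xyz.",
  "2025-04-22T10:01:10Z proxy CONNECT 0x9c.xyz:443",
  "2025-04-22T10:02:00Z dns A 0x9c.xyz.example.net",
].join("\n");
console.log(findCompromisedXrpl(sampleLock), findExfilLines(sampleLog));
```

A clean top-level dependency does not clear a project: in the sample, the direct install is the patched 4.2.5 while a nested copy and an aliased copy are still on compromised versions.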

Ripple’s foundation quickly responded, confirming that the compromised packages had been removed. Key projects, including XRPScan, Gen3 Games, and First Ledger, were not affected by the breach, offering some reassurance to the XRP community.

We’ve deprecated the compromised xrpl.js versions (4.2.1-4.2.4 and v2.14.2) on npm. A detailed post-mortem will be shared soon. 👉Ensure you’re using v4.2.5 or v2.14.3.

— XRP Ledger Foundation (Official) (@XRPLF) April 22, 2025
