Registration
 
All news
Top Stories
Editors' Picks
Crypto News
Financial News
Currencies
Market Voices
Companies
Regulators News
Central Banks News
Mirjan Hipolito
Mirjan Hipolito

Ripple responds to XRPL library breach with security patch

Ripple responds to XRPL library breach with security patch
Ripple fixes XRP Ledger bug in xrpl.js after exploit

​A critical security vulnerability was discovered and swiftly patched in the XRP Ledger ecosystem this week, after malicious code was found embedded in the widely used xrpl.js JavaScript library. 

The flaw, if left unchecked, could have compromised thousands of XRP wallets and posed a catastrophic threat to the broader crypto infrastructure.

Key Takeaways

-Targeted Library: The compromised package was xrpl.js, Ripple’s core library for XRP-based applications.

- Limited Exposure: Only developers who updated during a 1-hour window were affected.

- Immediate Response: The XRP Ledger Foundation released clean versions of the library within hours.

Attack timeline and containment

The vulnerability was discovered by cybersecurity researchers at Aikido Security on Monday. The issue involved a backdoor inserted into xrpl.js—Ripple’s official library for interacting with the XRP Ledger—published on the Node Package Manager (NPM) platform. The malicious update was live for just over an hour but was capable of siphoning private wallet credentials to a hacker-controlled server.  

The security breach occurred between 4:46 PM and 5:49 PM ET, during which several versions of the package were updated with hidden malware. Aikido’s Charlie Eriksen confirmed the code could have exfiltrated wallet seeds and private keys, placing any project that integrated the infected version at risk.

Fortunately, major projects such as Xaman Wallet and XRPScan were unaffected. The XRP Ledger Foundation responded quickly, issuing patched versions and advising immediate upgrades. 

Implications for XRP and open source security

Given that xrpl.js logged over 140,000 downloads last week alone, the incident underscores the systemic risk posed by supply chain attacks in the open-source ecosystem. Ripple has confirmed that a full post-mortem is underway and will be published after a comprehensive review. 

Security experts recommend all developers using the XRP Ledger’s JavaScript tools audit their applications and rotate any potentially exposed wallet credentials.

Ripple is currently seeing XRP rise on the back of the SEC's withdrawal of the appeal and the possible launch of an XRP ETF. The token's price rose to $2.27, showing a growth of 8% over the day. 

XRP price dynamics (February 2025 - April 2025). Source: TradingView

In addition, we informed you earlier that XRP overtakes Solana in race for spot ETF approval.

This material may contain third-party opinions, none of the data and information on this webpage constitutes investment advice according to our Disclaimer. While we adhere to strict Editorial Integrity, this post may contain references to products from our partners.

Editor's Picks for You

Toncoin becomes Gram: Why Durov restored token's original name
  • By Anastasiia Chabaniuk
  • 10 hours ago
Toncoin becomes Gram: Why Durov restored token's original name
Editors' Picks
Why Tether flipping Ethereum is a pivotal moment for crypto
  • By Kyle Torpey
  • Yesterday
Why Tether flipping Ethereum is a pivotal moment for crypto
Editors' Picks
MiCA deadline: Why crypto companies are leaving Europe
  • By Eugene Komchuk
  • Yesterday
MiCA deadline: Why crypto companies are leaving Europe
Editors' Picks
All Editors' Top Picks

Latest XRP News

XRP price prediction: Testing $1.2363 resistance? XRP up 3.62%
  • By Parshwa Turakhiya
  • 12 hours ago
XRP price prediction: Testing $1.2363 resistance? XRP up 3.62%
Crypto News
#Forecast #XRP
Xrp surges on ripple market integration and gate.io trading pair expansion
  • By Sholanke Dele
  • 21 hours ago
Xrp surges on ripple market integration and gate.io trading pair expansion
Crypto News
#Forecast #XRP
What is behind XRP's recent gain in value today
  • By Ezequiel Gomes
  • Yesterday
What is behind XRP's recent gain in value today
Crypto News
#Forecast #XRP
All XRP News
  • Anastasiia Chabaniuk
  • 10 hours ago
Toncoin becomes Gram: Why Durov restored token's original name
  • Kyle Torpey
  • Yesterday
Why Tether flipping Ethereum is a pivotal moment for crypto
  • Eugene Komchuk
  • Yesterday
MiCA deadline: Why crypto companies are leaving Europe
  • Mikhail Vnuchkov
  • 13.06.2026
From “Holy Trinity” to WLD crash: How Arthur Hayes became a market-moving seller
  • Eugene Komchuk
  • 12.06.2026
The world's first trillionaire: How Musk built his fortune on electric cars, space and AI
  • Yulia Slavina
  • 15 min ago
Grant Cardone: Key lessons from journey to $100 million in wealth
  • Igor Krasulya
  • 16 min ago
AI investing themes include stock market analysis, Puru Saxena discusses
  • Yaroslav Dmytrenko
  • 16 min ago
Bitwise Hyperliquid ETF adds $15 million in new inflow, Hunter Horsley notes
  • Dmytro Kharkov
  • 16 min ago
Simon Dixon: Banks fear shift to full reserve banking model
  • Jose Antonio Gastelum
  • 26 min ago
Mike Belshe: Firms must stop serving EU clients without authorization after July 1
Weekly Top Bonuses
up to $2,500
deposit bonus for all clients
CLAIM BONUS
Your capital is at risk.
Top News
  • Eugene Komchuk
  • 5 hours ago
Yum Brands to sell Pizza Hut for $1.5 billion after years of challenges
Yum Brands to sell Pizza Hut for $1.5 billion after years of challenges
  • Igor Krasulya
  • 6 hours ago
SpaceX nears Amazon market value as IPO rally builds
SpaceX nears Amazon market value as IPO rally builds
  • Olga Shendetskaya
  • 9 hours ago
U.S. judge dismisses Musk xAI suit against OpenAI
U.S. judge dismisses Musk xAI suit against OpenAI
  • Ivan Andriyenko
  • 10 hours ago
U.S. futures steady as markets weigh Iran deal
U.S. futures steady as markets weigh Iran deal
  • Andrey Mastykin
  • 11 hours ago
Oil slips as U.S.-Iran deal raises hopes for Hormuz reopening
Oil slips as U.S.-Iran deal raises hopes for Hormuz reopening
Live News
  • Anton Kharitonov
  • Now
GOOGL recovery gains momentum as AI and cloud business remain key growth catalysts AI and cloud business continue to drive growth Alphabet continues to deliver strong fundamental performance amid its large-scale AI transformation. In the latest quarter,
  • Anton Kharitonov
  • Now
Apple stock consolidates as investors seek new growth drivers
  • Mykhailo Ihnatenko
  • Now
Can SpaceX's financials support its market valuation?
  • Anton Kharitonov
  • Now
Bitcoin remains below $67,250 as downside risks persist
  • Mykhailo Ihnatenko
  • Now
Snowflake holds support as AI optimism returns
Who We Are
Business Solutions
For Users
TU News
Popular Sections
Disclosures
CONTACT US
Legal
We are in Social Media
© IAFT Ltd., 2010-2026 All rights to the website are owned by IAFT Ltd.,
Registration number - HE 336186
  • Risk disclosure:

    Information on the TradersUnion.com website is for informational purposes only and does not constitute any motive or suggestion to visitors to invest money. Moreover, we hereby warn you that trading on the Forex and CFD markets is always a high risk. According to the statistics, 75-89% of customers lose the funds invested and only 11-25% of traders earn a profit. Trading in futures and options carries substantial risk of loss and is not suitable for every investor.

    That is why you should only invest money that you are prepared — or can afford — to lose at such high risks. Tradersunion.com does not provide any financial services, including investment or financial advisory services. Also, the Traders Union is not a broker and does not get money for trading in the Forex or CFD markets. Our website only provides information on brokers and the markets and helps its users to select the best brokerage company based on detailed information and objective analysis of brokers.

  • Disclaimer:

    Traders Union (TradersUnion.com) shall not be liable for the consequences of trading decisions made by the Client and for the possible loss of his capital resulting from the use of this website and information published on it.

    Forex market, CFD and cryptocurrency trading involves high risks and is not suitable for everyone. Before investing money, you need to adequately assess the level of your expertise and be aware of the risks, particularly in the context of trading with leverage. The information on this website is not intended for distribution or use by any person in any country or jurisdiction, where such distribution or use would be in violation of the local law or regulation. Any payments by Traders Union (TradersUnion.com) to the users of our website shall be legally interpreted solely as an incentive on our part for the activity on the website in the form of a deduction of a part of the advertising income; they shall not be a subject of any claims of our users or our obligations, a subject of disputes, as well as cannot be considered in relation to the services provided to users by brokers, both in fact and in their completeness and volume. The administration of the website shall not be liable for the content of user comments and reviews about the companies and shall not verify whether the authors of the reviews are indeed real clients of a specific company. All reviews, both negative and positive are published on the website without verification of their reliability; only offensive reviews that call for violence or any kind of discrimination and also reviews published from one group of IP addresses are moderated and removed. The authors of the materials shall be fully liable for the accuracy, completeness and impartiality of any information in the articles and reviews, including in the context of their use or mention of any brand names or trademarks. All mentions of the names of companies and their brands in any materials on the website shall be made in the context of communication of socially important information to the people about their activities by independent journalists, who are the authors. All evaluations and indicators on the website express the subjective opinion of the authors of the reviews (articles) and shall not be viewed as accurate statements and be a subject of disputes and claims against Traders Union.

  • Disclosure of advertisers and revenues:

    All the services on the Tradersunion.com website are free for you to use. Our team spends thousands of hours per annum researching brokers and gathering information about them to help investors all over the world to choose reliable companies and to avoid fraudsters.

    Indeed, the curating, sourcing, and organization of this process requires substantial financial investment by Tradersunion.com, which the website earns in the form of advertising payments. There are two types of advertising services on the website — direct advertising or partner (broker) participation programs. However, no services purchased by our partners shall affect the recommendations on our website, or our opinions, or ratings. Our ratings are based on our objective rating criteria and methodology; and the results are always equally and fairly applied to each broker. The work of our content authors and research groups does not involve any interaction with our advertisers and they do not have access to data concerning the amount of advertising purchased. For over 10 years we consider our independence, absolute openness, and objectivity as our main priority. Please follow the links to each of our affiliated broker’s websites. This will help Tradersunion.com to continue to provide our services to you for free.

onepercentfortheplanet.org World Association of News Publishers https://gdpr.eu/ GDPR