Ripple’s XRP Ledger Under Siege: Hackers Exploit Supply Chain Vulnerability
Attackers breach XRP Ledger’s defenses in a high-stakes supply chain attack—just as institutional investors start pretending they ‘always believed’ in crypto. Details remain scarce, but the exploit highlights the fragile trust holding this ecosystem together. No funds were reportedly stolen (this time). Meanwhile, Ripple Labs insists the ledger itself remains ‘uncompromised’—a claim about as reassuring as a ‘fully diluted’ market cap.
Security Breach on the XRP Ledger
This XRPL breach was first identified by Aikido, a blockchain security firm. It found five suspicious updates to Ripple’s xrpl.js package on npm.
This is Ripple’s official software development kit, with more than 140,000 weekly downloads. Hackers inserted a sophisticated backdoor into this package, enabling private key theft and wallet access.
A breach of this nature represents a dire threat to XRP, to the extent that Ripple CTO David Schwartz posted official warnings about it. Mayukha Vadari, a senior software engineer with the firm, also went into greater detail about the nature of this vulnerability.
The XRP Ledger itself is unaffected by this. The malware packages only affect services that use xrpl.js and upgraded to the malicious versions that were published less than 24 hours ago. GitHub remains safe, only npm was compromised.
Please avoid using any services that have… https://t.co/ySWcl50Pmf
At first, this might seem like a small issue, as the breach didn’t directly harm the XRP Ledger (XRPL). However, this hack was propagated through Ripple’s official channels, exposing many users to harm.
To get a sense of the scale, DeFi wallets on XRPL currently hold about $80 million in user deposits. Accessing even a tiny chunk of this sum would be a huge theft.
npm is the distribution system, and compromising a high-trust package in it creates a powerful attack vector: a supply chain attack that targets developers and infrastructure rather than end users directly.
A compromised NPM package can affect thousands of apps. When an attacker injects malicious code, like a backdoor, into a popular NPM package, any application or developer that installs or updates that package unknowingly introduces the malware into its own environment.
The XRP Ledger Foundation confirmed that several major DeFi wallets were not exposed and further stated that it deprecated the compromised xrpl.js versions. It also plans to publish a full postmortem analysis.
Still, the hackers managed to compromise the official library used by DeFi protocols that wish to interact with XRP. An operation that sophisticated could have consequences.
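The article notes that any project which installs or updates a compromised package pulls the backdoor into its own environment. This added example (not from the article or the xrpl.js project) checks a parsed package-lock.json for flagged versions, including nested copies, and reports range specifiers that let an install float to a newer release. The version strings, `SAMPLE_LOCK` and the function names are constructed placeholders.

```javascript
// ASSUMPTION: placeholder version strings. The article does not list the
// malicious versions, so substitute the ones named in the official advisory.
const FLAGGED = new Map([["xrpl", new Set(["0.0.0-placeholder.1", "0.0.0-placeholder.2"])]]);
const MARKER = "node_modules/";

// Every installed copy of a flagged package, including nested (transitive) copies.
function findFlagged(lock, flagged = FLAGGED) {
  const hits = [];
  const check = (name, version, path) => {
    if (flagged.get(name)?.has(version)) hits.push({ name, version, path });
  };
  if (lock.packages) {
    // lockfileVersion 2 and 3: flat map keyed by install path ("" is the root project).
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path === "" || meta.link) continue;
      const i = path.lastIndexOf(MARKER);
      check(meta.name || (i < 0 ? path : path.slice(i + MARKER.length)), meta.version, path);
    }
  } else {
    // lockfileVersion 1: nested "dependencies" tree.
    const walk = (deps, prefix) => {
      for (const [name, meta] of Object.entries(deps || {})) {
        const path = prefix + MARKER + name;
        check(name, meta.version, path);
        walk(meta.dependencies, path + "/");
      }
    };
    walk(lock.dependencies, "");
  }
  return hits;
}

// Direct dependencies declared as a range rather than an exact version: an
// install without a lockfile, or an update, can resolve to a newer release.
function floatingSpecs(lock, names = [...FLAGGED.keys()]) {
  const root = (lock.packages && lock.packages[""]) || {};
  const declared = { ...root.dependencies, ...root.devDependencies };
  return names.filter((n) => declared[n] && !/^\d+\.\d+\.\d+(-[\w.]+)?$/.test(declared[n]));
}

// Constructed sample lockfile with one direct and one nested copy of the package.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", dependencies: { xrpl: "^0.0.0", "some-sdk": "1.0.0" } },
    "node_modules/xrpl": { version: "0.0.0-placeholder.2" },
    "node_modules/some-sdk": { version: "1.0.0" },
    "node_modules/some-sdk/node_modules/xrpl": { version: "0.0.0-placeholder.1" },
  },
};
```

Pass `JSON.parse` of a real `package-lock.json` as `lock`; installing with `npm ci` keeps installs to the exact versions the lockfile records.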