XRP Ledger Foundation Scrambles to Patch SDK Exploit—’Patch Now or Risk It All’
The XRP Ledger Foundation confirms a critical breach in its SDK and is urgently pushing fixes before another ’crypto genius’ turns it into a nine-figure heist.
XRPL Foundation acknowledges compromise
Meanwhile, the XRPL Foundation, the non-profit behind the XRPL network, has acknowledged the incident and deployed a fix for the vulnerability. The foundation said on X that it has now published version 4.2.5 of the xrpl.js package as a replacement for the compromised versions.
Developers who have the compromised versions have been advised to replace them immediately. The foundation also deprecated all the compromised versions on NPM so that no one can download them.
It also advised that developers should be using the latest v4.2.5 or the much older v2.14.3, which was not compromised, and added that the issue does not affect the XRPL codebase or its GitHub repository.
The foundation said:
“This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does NOT affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately.”
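As an added example (not code from the article, the XRPL Foundation or the xrpl.js project), the following Node.js script audits a package-lock.json for every installed copy of xrpl.js, including transitive copies nested under other dependencies, and flags any version other than the two the foundation named as safe. The sample lockfile and its version numbers are constructed, and because the article does not enumerate the compromised versions, anything off the safe list is reported as needing review rather than as known malicious.

```javascript
// Added example: audit a parsed package-lock.json for xrpl.js installs and
// flag versions outside the set the foundation named as safe (4.2.5, 2.14.3).
// Versions not on this list are "review required", not "known malicious".
const SAFE_XRPL_VERSIONS = new Set(["4.2.5", "2.14.3"]);

// Collect every installed copy of the "xrpl" package from a parsed lockfile.
// Handles lockfileVersion 2/3 ("packages" keyed by install path) and the
// older v1 layout ("dependencies", nested per package).
function findXrplInstalls(lock) {
  const found = [];
  if (lock.packages) {
    for (const [path, entry] of Object.entries(lock.packages)) {
      // Paths look like "node_modules/xrpl" or ".../node_modules/xrpl".
      if (path === "node_modules/xrpl" || path.endsWith("/node_modules/xrpl")) {
        found.push({ path, version: entry.version });
      }
    }
    return found;
  }
  const walk = (deps, prefix) => {
    for (const [name, entry] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "xrpl") found.push({ path, version: entry.version });
      walk(entry.dependencies, `${path}/`); // recurse into nested node_modules
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Return only the installs whose version is not on the safe list.
function auditXrpl(lock) {
  return findXrplInstalls(lock).filter((i) => !SAFE_XRPL_VERSIONS.has(i.version));
}

// Constructed sample lockfile (v3 layout): a direct copy on a safe version and
// a transitive copy, pulled in by another SDK, on a different version.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { xrpl: "4.2.5", "some-sdk": "1.0.0" } },
    "node_modules/xrpl": { version: "4.2.5" },
    "node_modules/some-sdk": { version: "1.0.0" },
    "node_modules/some-sdk/node_modules/xrpl": { version: "4.1.0" },
  },
};

for (const hit of auditXrpl(SAMPLE_LOCK)) {
  console.log(`review: ${hit.path} is xrpl@${hit.version} (not 4.2.5 / 2.14.3)`);
}
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse of the project's package-lock.json; the nested copy is the case a plain top-level version check misses.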
So far, several protocols on the network have confirmed that the vulnerability did not affect them. Xaman Wallet noted that it uses in-house infrastructure and libraries to handle transactions and private keys, while XRPScan said it uses an older version of xrpl.js and does not process private keys.
Others, such as Bitfrost wallet, DeFi protocol OpulenceX, memecoin RibbleXRP, and Web3 gaming platform Gen3 Games have also confirmed they are unaffected.
Crypto-related supply chain attacks becoming prevalent
The XRPL supply chain attack is the latest incident of bad actors targeting software packages to exploit crypto-related projects.
Back in March, hackers targeted Coinbase in a GitHub Actions supply chain attack by attempting to compromise the exchange’s open-source AgentKit. The attempt failed and Coinbase foiled it, after which the attackers turned to several other repositories instead.
Before that, cybersecurity experts had discovered that the notorious North Korean hacker group Lazarus was targeting crypto developers through NPM repositories and planting backdoors in projects. It is unclear whether they are involved in the