Ripple NPM supply chain attack hunts for private keys

Ripple’s npm package ‘xrpl’ has been compromised in a sophisticated cyber attack aimed at stealing users’ private keys and cryptocurrency. The malicious versions of the package carry backdoor code that targets private keys, posing a serious risk to developers who rely on this library for cryptocurrency applications.

Source: The Register

Key Points

  • The npm package ‘xrpl’ has multiple versions compromised with malware.
  • These malicious versions seek to steal private keys, potentially leading to loss of cryptocurrency.
  • Affected versions include 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2.
  • Developers who installed any of these versions are advised to rotate their private keys immediately.
  • The compromise has been assigned CVE-2025-32965 and rated critical.
  • The attack was detected by the security firm Aikido, which found indicators of a sophisticated breach.
  • Attacks on the npm ecosystem are a growing trend, particularly among North Korean state-sponsored actors.

Why should I read this?

If you’re involved in cryptocurrency development or use the xrpl package, this is a must-read! It’s a wake-up call about the real risks lurking in the npm ecosystem. Understanding this attack could save you from losing your digital assets. We’ve done the legwork, so you can stay informed and secure.