npm
1,524 views
3 Discussing
Hot
Latest
See original
XRP Ledger Faces Serious Flaw Endangering the Network
Summary:
The XRP Ledger (XRPL) encountered a critical flaw that could have disrupted transactions. Key Details:
- Nature of the Flaw: A bug in network consensus temporarily slowed down block verification.
- Quick Fix: Ripple developers deployed a patch within hours, preventing significant disruptions.
- Market Impact: The price of XRP briefly dropped but recovered as confidence was restored.
The incident underscores the importance of thorough testing for blockchain networks.
The Aikido team stated, "This backdoor steals private keys and sends them to attackers," adding, "Affected versions are 4.2.1 - 4.2.4; if you are using an earlier version, do not upgrade."
According to Charlene Eriksen, a malware researcher at Aikido Security, this is an advanced supply chain exploit and likely involves the compromise of a Ripple employee's npm account under the username "mukulljangid."
Charlene stated in her analysis: "The official XRPL (Ripple) NPM package was compromised by advanced attackers who inserted the backdoor to steal private cryptocurrency keys and access cryptocurrency wallets."
#npm #Ripple
#Hack #xrp
$XRP
Summary:
The XRP Ledger (XRPL) encountered a critical flaw that could have disrupted transactions. Key Details:
- Nature of the Flaw: A bug in network consensus temporarily slowed down block verification.
- Quick Fix: Ripple developers deployed a patch within hours, preventing significant disruptions.
- Market Impact: The price of XRP briefly dropped but recovered as confidence was restored.
The incident underscores the importance of thorough testing for blockchain networks.
The Aikido team stated, "This backdoor steals private keys and sends them to attackers," adding, "Affected versions are 4.2.1 - 4.2.4; if you are using an earlier version, do not upgrade."
According to Charlene Eriksen, a malware researcher at Aikido Security, this is an advanced supply chain exploit and likely involves the compromise of a Ripple employee's npm account under the username "mukulljangid."
Charlene stated in her analysis: "The official XRPL (Ripple) NPM package was compromised by advanced attackers who inserted the backdoor to steal private cryptocurrency keys and access cryptocurrency wallets."
#npm #Ripple
#Hack #xrp
$XRP
Twenty malicious #npm packages impersonating the #Hardhat #Ethereum✅ development environment have targeted private keys and sensitive data. These packages, downloaded over 1,000 times, were uploaded by three accounts using #typosquatting techniques to trick developers. Once installed, the packages steal private keys, mnemonics, and configuration files, encrypt them with a hardcoded AES key, and send them to attackers. This exposes developers to risks like unauthorized transactions, compromised production systems, #phishing , and malicious dApps.
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Mitigation tips: Developers should verify package authenticity, avoid typosquatting, inspect source code, store private keys securely, and minimize dependency usage. Using lock files and defining specific versions can also reduce risks.
$ETH
Login to explore more contents