**Ripple’s xrpl.js Library Backdoored in Major npm Breach**

In a major supply chain attack, Ripple’s popular JavaScript library `xrpl.js` was compromised via a hijacked npm account, putting the private keys of over 135,000 developers at risk. The breach occurred on April 21, 2025, when a hacker gained control of a Ripple developer’s npm credentials and published malicious versions of the package.

**Affected Versions:**

- 4.2.1 through 4.2.4

- 2.14.2

These versions included a backdoor that secretly exfiltrated private keys to a remote server. In total, the malicious packages were downloaded more than 2.9 million times before being discovered and taken down.

**Safe Versions:**

- 4.2.5

- 2.14.3

Developers are urged to update to the safe versions immediately and to audit their systems for potential compromise, starting with any lockfile or build artifact that pins one of the affected versions. This incident highlights the growing threat of software supply chain attacks and the critical need for strong security practices around dependency management.

Stay safe, and never store private keys directly in code.