Backdoor Exploit Impacts XRP Ledger SDK

The XRP Ledger Foundation has issued a warning regarding a security flaw in the official JavaScript SDK, identified by Aikido Security. Several versions of the Node Package Manager (NPM) software were found to contain a backdoor, enabling hackers to steal users' private keys.

XRPL Labs' CEO assured users that Xaman Wallet was unaffected, as it does not use xrpl.js, and instead depends on its xrpl-client and xrpl-accountlib libraries. An urgent patch has been released by the XRP Ledger Foundation to remove the malicious code from the NPM package.

This incident comes shortly after Ripple's $1.25 billion acquisition of Hidden Road, which is expected to transform XRPL into a primary conduit for institutional funds.