XRP Ledger Faces Serious Flaw Endangering the Network
Summary:
The XRP Ledger (XRPL) encountered a critical flaw that could have disrupted transactions. Key Details:
- Nature of the Flaw: A bug in network consensus temporarily slowed down block verification.
- Quick Fix: Ripple developers deployed a patch within hours, preventing significant disruptions.
- Market Impact: The price of XRP briefly dropped but recovered as confidence was restored.
The incident underscores the importance of thorough testing for blockchain networks.
The Aikido team stated, "This backdoor steals private keys and sends them to attackers," adding, "Affected versions are 4.2.1 - 4.2.4; if you are using an earlier version, do not upgrade."
According to Charlene Eriksen, a malware researcher at Aikido Security, this is an advanced supply chain exploit and likely involves the compromise of a Ripple employee's npm account under the username "mukulljangid."
Charlene stated in her analysis: "The official XRPL (Ripple) NPM package was compromised by advanced attackers who inserted the backdoor to steal private cryptocurrency keys and access cryptocurrency wallets."