A potential security crisis was narrowly avoided after a hacker exploited a developer’s access token to inject malicious code into a key toolkit used by applications on the XRP Ledger.
The vulnerability, identified by Aikido Security researcher Charlie Eriksen, could have led to a major supply chain attack across the crypto ecosystem.
Hacker Exploits NPM Token to Publish Malicious xrpl.js Versions on XRP Ledger
According to Aikido Security, the attacker gained access to a developer’s Node Package Manager (NPM) token, allowing them to publish compromised versions of xrpl.js, the official JavaScript library for interacting with the XRP Ledger.
With over 140,000 weekly downloads, the package is widely integrated into hundreds of thousands of apps and websites, raising concerns over the potential scale of the breach.
“This could have been catastrophic,” Eriksen warned in a security update, noting that the flaw theoretically allowed attackers to steal private keys, putting crypto wallets at risk.
The malicious code was detected on April 21, when Aikido’s monitoring system flagged five suspicious package versions.
Fortunately, major XRP-related platforms such as Xaman Wallet and XRPScan confirmed they were unaffected.
The risk was limited to third-party applications that installed the compromised versions—v4.2.1 through v4.2.4 and v2.14.2—during a short window before the issue was contained.
The XRP Ledger Foundation responded swiftly, deprecating the affected versions and releasing a patched update, v4.2.5, urging all developers using xrpl.js to upgrade immediately.
The foundation clarified that the core XRP Ledger codebase and its GitHub repository remained untouched, as the vulnerability was isolated to the external JavaScript library.
While the identity of the hacker remains unknown, Aikido Security hinted at having leads under investigation.
Despite the scare, XRP prices showed resilience, rising 8.5% over the past 24 hours amid a broader crypto market rally.
SEC Lawsuit Against Ripple Labs Concludes After Four Years
The legal dispute between Ripple Labs and the U.S. Securities and Exchange Commission (SEC) has concluded after more than four years, marking a significant development in cryptocurrency regulation.
In December 2020, the SEC filed a lawsuit against Ripple Labs, alleging that the company conducted an unregistered securities offering by selling XRP tokens, raising over $1.3 billion.
Ripple contested the claim, arguing that XRP is a digital currency, not a security.
In July 2023, U.S. District Judge Analisa Torres delivered a mixed ruling: she determined that XRP sales to institutional investors violated securities laws, while sales on public exchanges did not.
Consequently, Ripple was ordered to pay a $125 million civil penalty.
In March 2025, Ripple and the SEC reached a settlement. Under the agreement, Ripple would pay $50 million of the previously imposed fine, with the remaining $75 million returned to the company.
Both parties agreed to drop their respective appeals, effectively ending the litigation.
The post Hacker Tries to Attack XRP Ledger Using Developer Access, Security Team Stops It appeared first on Cryptonews.
This article is written by: Nermeen Nabil Khear Abdelmalak