Official XRP Ledger library infected to facilitate crypto theft

Widely used XRP Ledger Foundation-maintained npm JavaScript library xrpl.js which Ripple recommended for the XRP blockchain has been compromised with malicious code enabling the exfiltration of XRP wallet seeds and private keys, which could then be used to pilfer cryptocurrency wallet assets, reports BleepingComputer.

Nearly half a dozen xrpl npm package versions, which have amassed 452 downloads, had their "/src/index.ts" file modified to include the "checkValidityOfSeed" function concealed with the use of an "ad-referral" user agent, with the function sought to enable XRP wallet seed, private key, and mnemonic theft, an analysis from Aikido, a developer security firm. Attackers could then leverage such details to drain funds from imported XRP wallets. Users of the compromised xrpl npm packages have been advised to rotate their private keys, deactivate master keys, and upgrade to the latest v4.2.5 of the library as the XRP Ledger Foundation emphasized that the supply chain intrusion did not affect its codebase or GitHub repository, as well as the Xaman Wallet, First Ledger, XRPScan, and Gen3 Games projects.