Malicious Backdoor Detected in XRP Ledger SDK: Private Key Theft Confirmed

If you’ve been building on XRP Ledger, check your SDK. A backdoor was quietly funneling private keys to outsiders during wallet creation or recovery. Stay alert.
Aikido Intel has revealed a disturbing breach in the XRP Ledger’s development stack. A stealth backdoor, hidden within the blockchain’s open-source SDK, was quietly siphoning users’ private keys from wallets across the XRP ecosystem—a stark reminder of how open access can mask silent threats.
Aikido Intel reports:
- On April 21, library versions 4.2.1 and 4.2.2 emerged with suspicious modifications.
- By versions 4.2.3 and 4.2.4, the threat actors had woven malware into both the minified JavaScript and the original TypeScript files.
- All affected builds came from the NPM user mukulljangid but were conspicuously absent from the project’s official GitHub repository.
"We can see that the attacker was actively working on the attack, trying different ways to insert the backdoor while remaining as hidden as possible, going from manually inserting the backdoor into the built JavaScript code to putting it into the TypeScript code and then compiling it down into the built version," Aikido Intel analysts stated.
An embedded function dubbed checkValidityOfSeed posed a grave threat by discreetly sending wallet private keys and seed phrases to an external domain whenever wallets were created or restored. Network traffic analysis revealed that this domain had been set up mere hours before the hack, confirming the incident’s deliberate, targeted nature.
The XRP Ledger Foundation didn’t waste a moment—on April 22, they rolled out clean, secure library updates with every trace of malware scrubbed away.
The good news? Big players in the network—XRPScan, First Ledger, and Gen3 Games—were unaffected, since they’d already switched to the safe versions, disabled auto-updates, and refused to run anything unsigned.
Even with patches in place, there’s still danger lurking: over 140,000 downloads a week for the XRP Ledger SDK mean countless apps depend on it. Blockchain security pros recommend that developers double-check which version they’ve got installed and, if it isn’t the safe build, go ahead and reinstall manually ASAP to keep hackers at bay.
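One way to carry out that version check across a whole dependency tree, as an added example that is not from the article or the SDK's maintainers: it reads a package-lock.json, flags any copy of the SDK (assumed to be published on npm as "xrpl") at the four versions the article names, and checks installed source text for the checkValidityOfSeed function. The sample lockfile is constructed.

```javascript
// Added example: detect installs of the backdoored XRP Ledger SDK releases.
// Assumption: the SDK's npm package name is "xrpl" (not stated in the article).
const COMPROMISED_PACKAGE = "xrpl";
const COMPROMISED_VERSIONS = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4"]);
const BACKDOOR_MARKER = "checkValidityOfSeed"; // function named in the report

// True if the version string is one of the known-backdoored releases.
function isCompromisedVersion(version) {
  return COMPROMISED_VERSIONS.has(String(version).trim());
}

// Walk a lockfile (v1 nested "dependencies" tree, or v2/v3 flat "packages"
// map) and return "path@version" for every compromised copy, including
// copies nested under another dependency's node_modules.
function findCompromisedInstalls(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith(`node_modules/${COMPROMISED_PACKAGE}`) &&
          isCompromisedVersion(meta.version)) {
        hits.push(`${path}@${meta.version}`);
      }
    }
    return hits; // v2 lockfiles also carry "dependencies"; avoid double counting
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === COMPROMISED_PACKAGE && isCompromisedVersion(meta.version)) {
        hits.push(`${path}@${meta.version}`);
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// True if installed source text (minified JS or TS) contains the backdoor
// function name; a version check alone misses a tampered local copy.
function containsBackdoorMarker(source) {
  return source.includes(BACKDOOR_MARKER);
}

// Constructed sample lockfile (v3 shape): one bad copy, one older nested copy.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: {
  "": { name: "my-wallet-app", version: "1.0.0" },
  "node_modules/xrpl": { version: "4.2.4" },
  "node_modules/some-wallet-lib/node_modules/xrpl": { version: "4.1.0" } } };

console.log("compromised installs:", findCompromisedInstalls(SAMPLE_LOCK));
```

Run it against a real lockfile by replacing SAMPLE_LOCK with `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))`, and feed the contents of the installed package's dist files to containsBackdoorMarker.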
Worried your private keys might’ve slipped through compromised code? Here’s what to do:
- Fire up fresh wallets in a locked-down environment where no outside code can meddle.
- Move all your funds over to these new, safe addresses.
- Dive into your network logs looking for anything out of the ordinary: unexpected IPs, odd data spikes, that sort of thing.
- Hook up security-monitoring tools so you’ll know the moment something sketchy pops up.
Here’s the kicker: despite a pretty alarming security scare, XRP barely blinked—in fact, its price jumped over 3.5% by April 23’s closing bell, proof that investors aren’t easily rattled.
Still, this scare serves as a reminder that every crypto project needs iron-clad software delivery checks and a hawk-eyed approach to even the slightest security nuance.