An apparently threat actor exploded the developer access token of an XRP book book to publish illicit code to the flourishing network in a movement that could have been “catastrophic” for the network, the security team that detected the problem in an update.
Charlie Eriksen, an Aikido Security researcher who first saw the problem, said a hidden problem to recent versions of a new set of tools used to create applications that work with the Book Mayor XRP was added.
“Threat actors stole the NPM access token from a developer,” Aikido said in X. “It is not clear how at this time. It is not clear who the threat actors are at this time (although we have a feeling that we are trying to confirm).”
The problem only affects the versions of Node Package Manager (NPM), a place where developers share reusable code for projects. The main XRP -related services, such as Xaman Wallet and Xrpscan, said they were not affected in separate X posts.
This defect could allow attackers to steal the private keys of users, possibly accessing their cryptographic wallets in theory.
“On April 21, 20:53 GMT+0, our system, Aikido Intel began to alert us about five new package version of the XRPL package. It is the official SDK for the Book Mayor XRP, with more than 140,000 weekly discharges,” Eriksen said in a safety update.
“This package is used by hundreds of thousands of applications and websites, which makes it a potentially catastrophic supply chain attack against the cryptocurrency ecosystem,” Eriksen said.
He added that only third -party applications or services that installed defective versions for a short period could be at risk.
As such, the Ledger XRP Foundation team quickly solved the problem by launching updated tool versions to replace the defective ones. The affected versions (V4.2.1-4.2.4 and V2.14.2) were in disuse.
“To clarify: this vulnerability is found in XRPL.JS, a JavaScript library to interact with the XRP LEDger. It does not affect the XRP Book Code Base or the Github repository.
A JavaScript library is a collection of pre -written code to simplify tasks in web development. A github repository is an online storage space for the code, files and history history, hosted in Github.
XRP prices increased 8.5% in the last 24 hours along with a broader market jump.
