
XRP Ledger Bug Patched After ‘Serious’ Flaw Spotted in XRPL Library



A threat actor appears to have used an XRP Ledger developer's token to publish unauthorized code, a step that could be “catastrophic” for the network, the security team that spotted the issue said in an update.

Charlie Eriksen, a researcher at Aikido Security who first spotted the problem, said a hidden issue was added to recent versions of a new toolkit used to develop apps that work with the XRP Ledger.

“A developer's access token has been stolen by the threat actors,” Aikido said on X. “It’s unclear how for now. It’s also unclear who the threat actors are today (even if we have a hunch we are trying to confirm).”

The issue only affects the versions on node package manager (NPM), a site where developers share available code for projects. Basic services associated with XRP, such as Xaman Wallet and XRPSCAN, said in separate posts on X that they were not affected.

This flaw could let attackers steal users' private keys and, in theory, access their crypto wallets.

“On April 21, 20:53 GMT+0, our system, Aikido Intel, started alerting us to five new versions of the XRPL package. This is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads,” Eriksen said in a security update.

“This package is used by thousands of applications and websites, making it a potentially catastrophic supply chain attack on the cryptocurrency ecosystem,” Eriksen said.

He added that third-party apps or services that installed the flawed versions in that short time could be in danger.

As a result, the XRP Ledger Foundation team quickly fixed the issue by releasing updated versions of the tool to replace the faulty ones. The affected versions (v4.2.1-4.2.4 and v2.14.2) were removed.

“To clarify: This weakness is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does not affect the XRP Ledger codebase or GitHub repository itself. Projects that use xrpl.js should upgrade to v4.2.5 immediately,” the foundation said in a separate post.

A JavaScript library is a collection of pre-written code that simplifies web development tasks. A GitHub repo is an online storage space for the code, files, and history of a project, hosted on GitHub.

XRP prices are up 8.5% in the past 24 hours alongside a wider jump.
