A security incident has been uncovered in the official XRP Ledger SDK distributed through the NPM registry. Unauthorized versions of the xrpl package, specifically 4.2.1 through 4.2.4, were found to contain a backdoor that steals users' private keys. The backdoor was identified by Aikido Security on April 21st and confirmed upon further investigation.

The compromised packages appeared on NPM without corresponding releases on the official GitHub repository, indicating unauthorized activity. This discrepancy prompted a deeper investigation, which revealed malicious code embedded within the SDK's core files. The backdoor extracts private keys when users create wallets and sends them to an external server under the attacker's control.

🚨 We have discovered a backdoor in the official #xrpl NPM package. This backdoor steals private keys and sends them to attackers. The affected versions are 4.2.1 – 4.2.4; if you are using an earlier version, do not upgrade. #crypto #malware #npm
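To check whether a project resolved one of the affected versions, directly or through a transitive dependency, the lockfile can be scanned for them. The following is an added example, not code from Aikido Security or the xrpl project; the sample lockfile is constructed and the `wallet-helper` package in it is hypothetical.

```javascript
// Versions the article reports as backdoored.
const COMPROMISED = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4"]);

// Walk a parsed package-lock.json and return every install of xrpl that
// resolves to an affected version. Covers lockfileVersion 2/3 (flat
// "packages" map keyed by install path) and lockfileVersion 1 (nested
// "dependencies" tree).
function findCompromisedXrpl(lock) {
  const hits = [];
  const record = (path, meta) => {
    if (COMPROMISED.has(meta.version) && !hits.some((h) => h.path === path)) {
      hits.push({ path, version: meta.version });
    }
  };
  // v2/v3: keys look like "node_modules/xrpl" or
  // "node_modules/a/node_modules/xrpl"; "" is the project itself.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue;
    // Aliased installs carry the real package name in meta.name.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === "xrpl") record(path, meta);
  }
  // v1 tree (v2 lockfiles also keep it for compatibility).
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "node_modules/" + name;
      if (name === "xrpl") record(path, meta);
      walk(meta.dependencies, path + "/");
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: the direct dependency is an unaffected version, but a
// (hypothetical) transitive dependency pulled in an affected one.
const sampleLock = {
  name: "demo-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.0" },
    "node_modules/wallet-helper": { version: "2.0.0" },
    "node_modules/wallet-helper/node_modules/xrpl": { version: "4.2.3" },
  },
};

console.log(findCompromisedXrpl(sampleLock));
```

To scan a real project, pass in `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` instead of the sample object.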