A cybersecurity expert has issued a warning to XRP holders following a major security breach impacting the XRPL JavaScript SDK used by countless crypto developers. The attacker infiltrated official versions of the package on NPM, a popular package manager for crypto projects, and inserted malicious code that could steal private keys from users. 4.2.1 through 4.2.4 and 2.14.2 versions are particularly vulnerable. Aikido Security, who discovered the breach, noted it was uploaded to NPM on April 21 and allows hackers to extract users’ private keys without detection. This exploit could affect countless apps relying on automatic updates, potentially leading to loss of assets for unsuspecting users.