XRP Ledger Bug Patched After ‘Serious’ Flaw Spotted in XRPL Library

April 23, 2025

By Shaurya Malwa | Edited by Parikshit Mishra

Apr 23, 2025, 8:00 a.m.

  • A threat actor exploited an XRP Ledger developer access token to publish illicit code, potentially causing a catastrophic impact on the network.
  • The vulnerability affected specific versions of the xrpl package published on the Node Package Manager (NPM), but major XRP services like Xaman Wallet and XRPScan were unaffected.
  • The XRP Ledger Foundation quickly released updated versions of the tool to fix the issue, urging projects to upgrade to the latest version immediately.

A threat actor seemingly exploited an XRP Ledger developer’s access token to publish illicit code in a move that could have been “catastrophic” for the burgeoning network, the security team that spotted the issue said in an update.

Charlie Eriksen, a researcher at Aikido Security who first spotted the problem, said a hidden issue was added to recent versions of a new toolkit used to build apps that work with the XRP Ledger.


“A developer’s NPM access token was stolen by the threat actors,” Aikido said on X. “It is unclear how right now. It is also unclear who the threat actors are right now (although we have a hunch we are trying to confirm).”

The issue only affects versions of the package distributed through Node Package Manager (NPM), a site where developers share reusable code for projects. Major XRP-related services, like Xaman Wallet and XRPScan, said in separate X posts that they were unaffected.

This flaw could let attackers steal users’ private keys and, in theory, use them to access the users’ crypto wallets.

“At 21 Apr, 20:53 GMT+0, our system, Aikido Intel started to alert us to five new package versions of the xrpl package. It is the official SDK for the XRP Ledger, with more than 140.000 weekly downloads,” Eriksen said in a security update.

“This package is used by hundreds of thousands of applications and websites making it a potentially catastrophic supply chain attack on the cryptocurrency ecosystem,” Eriksen noted.

He added that only third-party apps or services that installed the flawed versions during a brief period could be at risk.

As such, the XRP Ledger Foundation team quickly fixed the issue by releasing updated versions of the tool to replace the faulty ones. The affected versions (v4.2.1-4.2.4 and v2.14.2) were deprecated.

“To clarify: This vulnerability is in xrpl.js, a JavaScript library for interacting with the XRP Ledger. It does NOT affect the XRP Ledger codebase or Github repository itself. Projects using xrpl.js should upgrade to v4.2.5 immediately,” the foundation posted separately.
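A quick way to check a project against the version list above, as an added example that is not code from the article, Aikido or the XRP Ledger Foundation: the function walks a parsed package-lock.json and flags every pinned copy of xrpl, including copies nested under other dependencies. It assumes the range "v4.2.1-4.2.4" means the four patch releases 4.2.1 through 4.2.4; the function name and the sample lockfile are constructed for illustration.

```javascript
// Added example: flag xrpl versions the article lists as affected.
// Assumption: "v4.2.1-4.2.4" is expanded to its four patch releases.
const AFFECTED_XRPL = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"]);

// Walk a parsed package-lock.json and return every xrpl install it pins.
// Handles lockfileVersion 2/3 ("packages" keyed by install path) and
// lockfileVersion 1 (nested "dependencies" tree).
function findXrplInstalls(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/xrpl" or "node_modules/a/node_modules/xrpl".
    if (path === "node_modules/xrpl" || path.endsWith("/node_modules/xrpl")) {
      hits.push({ path, version: meta.version });
    }
  }
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "xrpl") hits.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`); // transitive copies count too
    }
  };
  // v2 lockfiles carry both maps; use the v1 tree only when "packages" is absent.
  if (!lock.packages) walk(lock.dependencies, "");
  return hits.map((h) => ({ ...h, affected: AFFECTED_XRPL.has(h.version) }));
}

// Constructed sample lockfile (not from a real project).
const SAMPLE_LOCK = {
  name: "demo-wallet",
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", dependencies: { xrpl: "^4.2.0" } },
    "node_modules/xrpl": { version: "4.2.3" },
    "node_modules/legacy-bridge/node_modules/xrpl": { version: "2.14.2" },
    "node_modules/other-tool/node_modules/xrpl": { version: "4.2.5" },
    "node_modules/xrpl-helper": { version: "1.0.0" }, // similar name, ignored
  },
};

for (const hit of findXrplInstalls(SAMPLE_LOCK)) {
  console.log(`${hit.affected ? "AFFECTED" : "ok      "} ${hit.version} ${hit.path}`);
}
```

To run it on a real project, pass the result of `JSON.parse` on the project's package-lock.json to `findXrplInstalls`. A lockfile hit only shows which version was resolved; whether the package was actually installed during the exposure window has to be confirmed from build and deployment records.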

A JavaScript library is a collection of pre-written code to simplify tasks in web development. A GitHub repo is an online storage space for a project’s code, files, and history, hosted on GitHub.

XRP prices are up 8.5% in the past 24 hours alongside a broader market jump.


© 2025 CoinDesk, Inc.

 
