The XRP community has received a decisive security alert after a recent tweet by the Aikido Security.
in tweetAikido Security said that he discovered the back door in the official XRPL NPM package, a famous library to integrate the Javascript/Typescript app with Professor XRP book when needed to advance. This back door steals special keys and sends it to the attackers, prompting an urgent alert to all XRP developers and projects.
According to Aikido Security, versions were hacked from 4.2.1 to 4.2.4 of the XRPL NPM package. The hacked versions were included as 4.2.4, 2.14.2, 4.2.3, 4.2.2 and 4.2.1.
Thomas Celker, head of analyzes and compliance at InfTF, re -tweeting the Aikido Security Publication and issued a warning: “Be aware. Make sure your project is not used the latest version of NPM, because it will bargain with all the accounts created with the library.”
What happens here?
Vet, which is XRPL, a similar warning: “XRP LEDGER Devs and projects – if you use the XRPL JS library, do not update or use any version 4.2.1 or higher. It’s at risk – any project that uses the latest version of XRPL JS that puts users and financing at risk.
Related
The infrastructure provider network tweeted an urgent alert network while sharing the Aikido Security Warning: “This has been verified. The latest version of the NPM package is hacked.
Dennis Angel, a software engineer at XRPL LABS and Xhau, stated that the current stable version of XRPL.js is 4.2.0.
XAMAN Builder, XRPL LABS, stated that “XRPL.js NPM package at risk does not affect the XAMAN wallet. XAMAN uses the internal infrastructure and libraries developed by XRPL laboratories.
