<ul><li>Malicious versions of the popular XRP developer library xrpl.js were uploaded to npm, containing code that leaked private keys.</li><li>The rogue versions were not present on the library’s official GitHub, and were flagged by security firm Aikido.</li><li>The XRP Ledger Foundation removed the infected packages and released a clean update (v4.2.5).</li><li>Projects using compromised versions could have exposed users to wallet breaches; developers are urged to update and rotate keys.</li></ul>

Crypto-Stealing Code Found in XRP Toolkit, Devs Urged to Update

Discover more