The XRP Ledger Foundation has issued a security warning regarding a critical vulnerability in its official JavaScript library, xrpl.js.
The affected versions (v4.2.1-v4.2.4 and v2.14.2) contained a backdoor function named checkValidityOfSeed, which could steal private keys by sending them to an unauthorized domain.
The vulnerability was the result of a supply chain attack: the compromised versions were published by an individual using the NPM account 'mukulljangid'.
Developers and projects utilizing the vulnerable versions are advised to update to the patched version (v4.2.5) or downgrade to the unaffected version (v2.14.3) to prevent unauthorized access and loss of funds.
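As an added defender-side check (not code from the XRP Ledger Foundation or the xrpl.js project), the following script flags the backdoored xrpl.js versions named above in a project's package-lock.json and looks for the injected function name in installed library source. It assumes the standard package-lock layouts (a flat `packages` map for lockfileVersion 2/3, a nested `dependencies` tree for lockfileVersion 1); the sample lockfile at the bottom is constructed, not taken from a real project.

```javascript
// Versions the advisory lists as containing the checkValidityOfSeed backdoor.
const AFFECTED_XRPL_VERSIONS = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4", "2.14.2"]);
// Name of the injected function, per the advisory.
const BACKDOOR_FUNCTION_NAME = "checkValidityOfSeed";

// Exact-match check against the versions named in the advisory.
function isAffectedXrplVersion(version) {
  return AFFECTED_XRPL_VERSIONS.has(String(version).trim());
}

// Walk a parsed package-lock.json (lockfileVersion 1, 2 or 3) and return every
// installed copy of "xrpl" whose version is affected, including nested copies
// hoisted under another package's node_modules directory.
function findAffectedXrplInLockfile(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/xrpl$/.test(path) && isAffectedXrplVersion(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree; paths are reconstructed.
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "xrpl" && isAffectedXrplVersion(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Secondary signal: the function name from the advisory appearing in installed
// xrpl.js source is worth flagging even if the version string has been altered.
function containsBackdoorMarker(source) {
  return source.includes(BACKDOOR_FUNCTION_NAME);
}

// Constructed sample lockfile (hypothetical project) to show the check end to end.
const SAMPLE_LOCK = { lockfileVersion: 3, packages: { "node_modules/xrpl": { version: "4.2.3" } } };
console.log(findAffectedXrplInLockfile(SAMPLE_LOCK)); // [{ path: 'node_modules/xrpl', version: '4.2.3' }]
```

In a real audit, pass `JSON.parse(fs.readFileSync("package-lock.json"))` to `findAffectedXrplInLockfile` and feed each installed `node_modules/**/xrpl/dist/**/*.js` file through `containsBackdoorMarker`.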