
Key notes
- A backdoor in xrpl.js versions 4.2.1 to 4.2.4 can expose private keys on XRPL.
- The core XRP Ledger is not affected, but applications that use the library may be at risk.
- Xaman and XRPScan have confirmed that their platforms are safe and not affected.
A new security concern has emerged on the XRP Ledger (XRPL). Reports indicate that a backdoor was discovered in the official XRPL NPM package. The vulnerability, which can lead to stolen private keys and lost funds, has put developers and users on high alert.
XRP Ledger: Backdoor found in the popular xrpl.js library
According to reports, the security company Aikido Security revealed on social media that the xrpl.js library, a major tool that developers use to build applications on the XRP Ledger, has been compromised. The hidden backdoor was reportedly found in versions 4.2.1 to 4.2.4 of the library.
According to Aikido, this security vulnerability allows the library to send private keys to attackers, which puts users' wallets at risk. The warning was first published on April 22.
Alongside the post, Aikido Security shared a screenshot of part of the malicious code in a file called New Striptest (). As detailed there, this file is designed to steal sensitive information without the knowledge of users or developers.
The revelation raised concerns across the crypto development space. Since the announcement on X, projects that use the affected library versions have been urged to downgrade immediately.
Aikido Security also warned that those who use earlier versions should avoid upgrading for now. The xrpl.js library is hosted on the NPM platform, making it widely available and widely integrated into various crypto applications and tools.
Security researchers and members of the digital asset community took to X to spread the warning. It was clarified that the core XRP Ledger itself remains unaffected. However, concern remains about projects and applications that depend on the compromised library, as they can still expose users to serious risks.
One user mentioned the discovery and emphasized the importance of reverting to a safe version. As of this writing, the post from Aikido Security had received more than 146,000 views within hours, underscoring how seriously the community is taking the update.
This is another notable vulnerability in 2025. Coinspeaker reported that UniLend Finance suffered a loss of $197,000 due to a defect in its accounting of collateral token assets.
XRPScan and Xaman Wallet confirm they are not affected
In response to the growing concern, the team behind the XRPScan explorer stated that the platform is safe. According to its post on X, XRPScan does not handle private keys and uses an earlier version of the xrpl.js library that does not contain the backdoor.
XRPSCAN is safe from the xrpl.js supply chain vulnerability. We do not handle private keys and use an older version of xrpl.js. For projects that use xrpl.js, we recommend double-checking library versions as quickly as possible, especially if any updates were made recently. https://t.co/0SDMNQKBPB
– XRPSCAN (xrpscan) April 22, 2025
In addition, the team advised all developers to review their code and verify their dependencies immediately, especially if updates were made recently.
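The dependency check recommended above can be scripted against a project's lockfile. This is an added example, not code from Aikido Security, XRPScan or the xrpl.js project; it covers both npm lockfile layouts, and the sample lockfile and its package names are constructed.

```javascript
// Added example: find xrpl.js 4.2.1-4.2.4 in a parsed package-lock.json.

// Affected range as stated in the article: 4.2.1 through 4.2.4 inclusive.
function isAffectedVersion(version) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(version).trim());
  if (!m) return false; // prerelease tags, git URLs etc. are not the listed releases
  const [major, minor, patch] = m.slice(1).map(Number);
  return major === 4 && minor === 2 && patch >= 1 && patch <= 4;
}

// Returns [{ path, version }] for every affected copy, direct or transitive.
function findAffectedXrpl(lock) {
  const hits = [];
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, info] of Object.entries(lock.packages || {})) {
    if (/(^|\/)node_modules\/xrpl$/.test(path) && isAffectedVersion(info.version)) {
      hits.push({ path, version: info.version });
    }
  }
  // lockfileVersion 1/2: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, info] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      const seen = hits.some((h) => h.path === path);
      if (name === "xrpl" && !seen && isAffectedVersion(info.version)) {
        hits.push({ path, version: info.version });
      }
      walk(info.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile; "demo-app", "wallet-kit" and "xrpl-helper" are made-up names.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.0" },
    "node_modules/wallet-kit/node_modules/xrpl": { version: "4.2.3" },
    "node_modules/xrpl-helper": { version: "4.2.2" },
  },
};

for (const hit of findAffectedXrpl(SAMPLE_LOCK)) {
  console.log(`AFFECTED ${hit.path} @ ${hit.version}`);
}
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffectedXrpl`; an empty result means no copy of the listed versions is pinned in that lockfile.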
XRPL Labs also responded to the situation. The group behind the Xaman wallet confirmed that its infrastructure does not depend on the compromised library. They also made it clear that Xaman handles keys using its own systems, which keeps its users safe from compromise.
This incident underscores the critical need for comprehensive reviews of third-party tools in crypto development. As previously reported by Coinspeaker, Bybit took steps to enhance its security after the February hack. The exchange recently announced a partnership with Zodia Custody to help prevent future exploits.
Benjamin Godfrey is a blockchain enthusiast and journalist who enjoys writing about the real-life applications of blockchain technology and innovations to drive general acceptance and worldwide integration of the emerging technology. His desire to educate people about cryptocurrencies inspires his contributions to renowned blockchain media and sites.
The post Major Security Concern Flagged on XRP Ledger (XRPL) first appeared on Investorempires.com.