A significant threat to the XRP Ledger was recently thwarted when a hacker attempted to exploit a developer’s access token, potentially leading to extensive security issues within the crypto ecosystem.
The vulnerability was disclosed by Charlie Eriksen, a researcher at Aikido Security. This flaw could have given rise to a widespread supply chain attack spanning the cryptocurrency landscape.
Exploitation of Developer Access
According to Aikido Security, the perpetrator accessed a developer’s Node Package Manager (NPM) token, subsequently publishing compromised versions of xrpl.js, the official JavaScript library essential for interacting with the XRP Ledger.
With more than 140,000 downloads weekly, this library is integrated into hundreds of thousands of applications and websites, heightening concerns about the possible scope of the security breach.
“This could have been catastrophic,” Eriksen cautioned in a security update, stating that the vulnerability theoretically enabled attackers to steal private keys, jeopardizing crypto wallets and user funds.
The malicious code was discovered on April 21, when Aikido’s monitoring system flagged five suspicious package versions.
Fortunately, major platforms associated with XRP, including Xaman Wallet and XRPScan, confirmed they were not impacted by the attack.
The threat was confined to third-party applications that might have installed compromised versions—specifically v4.2.1 through v4.2.4 and v2.14.2—during a brief period before the issue was resolved.
In response, the XRP Ledger Foundation acted promptly, deprecating the affected versions and issuing a patched update, v4.2.5. They urged all developers utilizing xrpl.js to upgrade immediately.
The foundation reassured users that the core XRP Ledger codebase and its GitHub repository remained secure since the vulnerability was limited to the external JavaScript library.
While the identity of the hacker is still unknown, Aikido Security has indicated they are investigating potential leads.
Market Resilience Despite Challenges
In the face of these security concerns, XRP prices displayed remarkable resilience, climbing by 8.5% in the last 24 hours amid a broader rally across the cryptocurrency market.
A New Chapter in Ripple Labs’ Legal Battle
In a related development, the long-standing legal battle between Ripple Labs and the U.S. Securities and Exchange Commission (SEC) has concluded, representing a pivotal moment in cryptocurrency regulation.
Back in December 2020, the SEC initiated a lawsuit against Ripple Labs, asserting that the company had engaged in an unregistered securities offering by selling XRP tokens, which allegedly raised over $1.3 billion.
Ripple strongly disputed these allegations, maintaining that XRP is a digital currency rather than a security.
In July 2023, U.S. District Judge Analisa Torres issued a mixed ruling: while she concluded that sales of XRP to institutional investors violated securities laws, she found that sales made on public exchanges did not.
As a result, Ripple was fined $125 million.
In March 2025, Ripple and the SEC reached a settlement agreement. Under the terms of this settlement, Ripple will pay $50 million of the imposed fine, with the remaining $75 million refunded to the company. Both parties also agreed to withdraw their respective appeals, effectively concluding the litigation.