Major Security Concern Flagged on XRP Ledger (XRPL)


Coinspeaker, 2025/04/21 16:00
By Godfrey Benjamin. Editor: Julia Sakovich

A backdoor in the xrpl.js library has raised serious security concerns, prompting XRP Ledger developers to roll back versions and reassess dependencies.

Key Notes

  • The backdoor found in xrpl.js versions 4.2.1 to 4.2.4 could expose private keys on XRPL.
  • The core XRP Ledger is unaffected, but apps built on the library may be at risk.
  • Xaman and XRPScan confirmed their platforms are secure and not impacted.

A new security concern has emerged in the XRP Ledger (XRPL) community. Reports show that a backdoor has been discovered in the official XRPL NPM package. The vulnerability, which could lead to stolen private keys and lost funds, has put developers and users on high alert.

XRP Ledger: Backdoor Found in Popular xrpl.js Library

Cybersecurity firm Aikido Security revealed on social media that the xrpl.js library, a key tool developers use to build applications on the XRP Ledger, had been compromised. A hidden backdoor was reportedly found in versions 4.2.1 to 4.2.4 of the library.

According to Aikido, the backdoor allows the library to secretly send private keys to attackers, putting user wallets at risk. The warning was first posted on April 22.

Alongside the post, Aikido Security uploaded a screenshot showing part of the malicious code in a file named new Striptest(). As detailed, this file was designed to steal sensitive information without the knowledge of users or developers.

The revelation has stirred up concern across the crypto development space. Since the announcement on X, projects using the affected library versions have been urged to downgrade immediately.

Aikido Security also warned that those using earlier versions should avoid upgrading for now. The xrpl.js library is hosted on the NPM platform, making it widely accessible and widely integrated into various crypto apps and tools.

Security researchers and digital assets community members on X are helping to spread the warning. It was clarified that the core XRP Ledger remains unaffected. However, concern grew around projects and applications that rely on the compromised library, as they could still expose users to serious risks.

A user mentioned the discovery and stressed the importance of returning to a safe version. As of this publication, the post from Aikido Security had received over 146,000 views within hours, underlining how seriously the community took the update.

This marks another notable vulnerability in 2025. Coinspeaker reported that UniLend Finance suffered a $197,000 loss due to a flaw in calculating collateral token balances.

XRPScan and Xaman Wallet Confirm They Are Unaffected

Responding to the growing concern, the team behind the explorer XRPScan stated that the platform is safe. According to the X post, XRPScan does not process private keys and uses an earlier version of the xrpl.js library that does not contain the backdoor.

xrpscan is safe from this xrpl.js supply-chain vulnerability. We do not process private keys and use an older version of xrpl.js. For projects using xrpl.js, we recommend double checking the library versions asap, especially if any update was made recently. https://t.co/0sDmnqkBPb

— XRPScan (@xrpscan) April 22, 2025

In addition, the team advised all developers to review their code and check their dependencies immediately, especially if updates had been made recently.
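One way to carry out the dependency check recommended above, as an added example that is not code from Coinspeaker, XRPScan or the xrpl.js project: it walks a parsed npm lockfile and reports every installed copy of `xrpl`, direct or transitive, whose version falls in the 4.2.1 to 4.2.4 range named in this article. The sample lockfile and the package names `demo-wallet` and `example-sdk` are constructed for illustration.

```javascript
// Affected range as stated in the article: xrpl 4.2.1 through 4.2.4.
const AFFECTED = { major: 4, minor: 2, patchMin: 1, patchMax: 4 };

function isAffectedVersion(version) {
  // Exact x.y.z only; anything with a prerelease/build suffix does not match.
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(version || ""));
  if (!m) return false;
  const [major, minor, patch] = m.slice(1).map(Number);
  return major === AFFECTED.major && minor === AFFECTED.minor &&
    patch >= AFFECTED.patchMin && patch <= AFFECTED.patchMax;
}

function findAffectedXrpl(lock) {
  const hits = [];
  // lockfileVersion 2 and 3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // "name" is set for aliased installs; otherwise derive it from the path.
    const name = meta.name || path.split("node_modules/").pop();
    if (name === "xrpl" && isAffectedVersion(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  // lockfileVersion 1: nested "dependencies" tree, walked recursively.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}node_modules/${name}`;
      if (name === "xrpl" && isAffectedVersion(meta.version)) {
        hits.push({ path, version: meta.version });
      }
      walk(meta.dependencies, `${path}/`);
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return hits;
}

// Constructed sample lockfile: a clean direct copy and an affected nested copy.
const SAMPLE_LOCK = {
  name: "demo-wallet", lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.0" },
    "node_modules/example-sdk": { version: "1.3.0" },
    "node_modules/example-sdk/node_modules/xrpl": { version: "4.2.3" },
  },
};

console.log(findAffectedXrpl(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of `package-lock.json` to `findAffectedXrpl`; the nested hit in the sample shows why checking only the top-level entry in `package.json` is not enough.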

XRPL Labs has also reacted to the situation. The group behind Xaman Wallet confirmed that their infrastructure does not rely on the vulnerable library. They also clarified that Xaman handles private keys using its own systems, which keeps its users safe from compromise.

This incident emphasizes the critical need for thorough reviews of third-party tools in crypto development. As previously reported by Coinspeaker, Bybit has taken steps to strengthen its security following a February hack. The exchange recently announced a partnership with Zodia Custody to help prevent future exploits.


Disclaimer: Coinspeaker is committed to providing unbiased and transparent reporting. This article aims to deliver accurate and timely information but should not be taken as financial or investment advice. Since market conditions can change rapidly, we encourage you to verify information on your own and consult with a professional before making any decisions based on this content.


Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
