How Critical XRP Ledger Software Got Compromised With Crypto-Stealing 'Backdoor' In 'Potentially Catastrophic Supply Chain Attack'
Benzinga and Yahoo Finance LLC may earn commission or revenue on some items through the links below.
XRP holders have been targeted in 'a potentially catastrophic' exploit.
Efforts to identify the bad actor are underway.
The XRP Ledger Foundation has responded to the situation, but some projects may have already been affected.
XRP, the cryptocurrency associated with blockchain payments firm Ripple, has increasingly been in the limelight in recent months amid an impressive run of form and regulatory wins. Over the past 24 hours, the project has again grabbed headlines, but not for the reasons users would like.
XRP holders have been targeted in 'a potentially catastrophic' exploit.
Aikido Security, a security platform for developers, on Tuesday reported that the official software development kit of the XRP Ledger, the blockchain underpinning the cryptocurrency, had been compromised in an exploit that likely put millions of user assets at risk.
Don't Miss:
— no wallets, just price speculation and free paper trading to practice different strategies.
Grow your IRA or 401(k) with Crypto – .
'This package is used by hundreds of thousands of applications and websites making it a potentially catastrophic supply chain attack on the cryptocurrency ecosystem,' Aikido Malware researcher Charlie Erikson wrote.
Specifically, a bad actor released malicious versions of the software disguised as updates on the Node Package Manager registry, a website used to manage JavaScript software packages, to compromise projects leveraging the package to build and run applications on the XRPL with crypto-stealing malware.
Aikido said that its systems started flagging the exploit at 20:53 UTC on Monday when a user with the moniker 'mukulljangid' started releasing new versions of the SDK on NPM. But the firm could not match these releases to corresponding versions on the official GitHub, raising red flags.
On further investigation, Aikido said it found that the new version releases contained malicious code that created a backdoor for attackers to steal user private keys, which they could use to gain unauthorized access to wallets.
Trending: New to crypto? on Coinbase.
According to Aikido, the attacker appeared to improve the sophistication of the exploit with each version release: 'Going from manually inserting the backdoor into the built JavaScript code, into putting it into the TypeScript code and then compiling it down into the built version.'
Explaining how the bad actor accessed the XRPL SDK NPM in the first place, Aikido said that a developer's access token must have been stolen, though it is currently unclear how. The firm also said it had 'a hunch' on who the bad actors might be but was trying to confirm.
The XRP Ledger Foundation has since deprecated the malicious version releases on NPM and released two new versions of the SDK to override the compromised packages. The team has also promised a full post-mortem.
Aikido urged projects using the SDK to inspect their network logs to ensure they were not been compromised.
'If you believe that you may have been impacted, it's important to assume that any seed or private key that was processed by the code has been compromised. Those keys should no longer be used, and any assets associated with them should be moved to another wallet/key immediately,' Erikson wrote.
Decentralized applications on the XRP Ledger hold over $80 million in user assets.
Read Next:
A must-have for all crypto enthusiasts: .
Maximize saving for your retirement and cut down taxes: .
Image: Shutterstock
Send To MSN: 0
This article How Critical XRP Ledger Software Got Compromised With Crypto-Stealing 'Backdoor' In 'Potentially Catastrophic Supply Chain Attack' originally appeared on Benzinga.com
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Business Upturn
6 hours ago
- Business Upturn
Nimanode Launches $NMA Token Presale, Pioneering the First No-Code AI Agent Platform on XRP Ledger
By GlobeNewswire Published on June 7, 2025, 15:33 IST LEEDS, United Kingdom, June 07, 2025 (GLOBE NEWSWIRE) — Nimanode, a pioneering protocol building AI-driven autonomous agents on the XRP Ledger (XRPL), has officially launched the presale of its native utility token, $NMA. As the first no-code AI agent builder on XRPL, Nimanode empowers users to deploy, customize, and manage intelligent blockchain agents without writing a single line of code. With over 45% of the 90 million $NMA tokens allocated to the presale already in motion, Nimanode is attracting early interest from both individual investors and large XRP holders who recognize the platform's potential to transform automation within decentralized ecosystems. $NMA Token Presale Bringing Agentic Automation to the XRP Ledger Nimanode aims to reshape how work is executed on-chain by enabling autonomous agents—AI-driven programs capable of completing blockchain tasks on behalf of users. Core features of the protocol include: Zero-Code Agent Builder – Build and deploy AI agents through an intuitive interface – Build and deploy AI agents through an intuitive interface Autonomous Agent Execution – Agents can act independently across blockchain workflows – Agents can act independently across blockchain workflows Agent Marketplace – Access or monetize premium agent templates – Access or monetize premium agent templates Deep XRPL Integration – Leverages XRP Ledger's performance and scalability 'The $NMA token will serve as the backbone of the Nimanode ecosystem,' said a representative from the Nimanode team. 'From deploying agents to earning through staking and participating in governance, $NMA enables a truly participatory AI economy on-chain.' Utility and Use Cases of $NMA The $NMA token offers multiple functions within the Nimanode platform: Agent Deployment : Users must hold a minimum balance of $NMA to activate AI agents : Users must hold a minimum balance of $NMA to activate AI agents Agent Customization : Developers can upgrade or build advanced agents using $NMA : Developers can upgrade or build advanced agents using $NMA Marketplace Access : Use $NMA to unlock premium agents or benefit from discounts : Use $NMA to unlock premium agents or benefit from discounts Staking Rewards : Earn passive income by staking $NMA into the protocol's reward pool : Earn passive income by staking $NMA into the protocol's reward pool Governance Participation: Vote on proposals and shape future platform upgrades Following the presale, $NMA is expected to list on decentralized exchanges at a 25% higher price, offering early participants an incentivized entry. How to Join the $NMA Presale Participants can acquire $NMA using XRP via the official Nimanode presale portal. Here's how to participate: Purchase XRP via exchanges such as Binance, Coinbase, or Bybit Transfer XRP to a compatible wallet (e.g., Xaman Wallet) Visit and follow instructions on the presale page Send XRP to the designated address and receive $NMA via airdrop after the presale ends The Nimanode presale is now live and available to the public for a limited time. About Nimanode Nimanode is building the first AI protocol layer on the XRP Ledger, allowing artificial intelligence not only to support blockchain ecosystems—but to live natively within them. The platform's agentic architecture aims to redefine DeFi, work automation, and intelligent interaction across decentralized applications. Media Contact Nimanode Communications Email: [email protected]Website: Documentation: Contact:Nick Lambert [email protected] Disclaimer : This is a paid post and is provided by Nimanode. The statements, views, and opinions expressed in this content are solely those of the content provider and do not necessarily reflect the views of this media platform or its publisher. We do not endorse, verify, or guarantee the accuracy, completeness, or reliability of any information presented. We do not guarantee any claims, statements, or promises made in this article. This content is for informational purposes only and should not be considered financial, investment, or trading in crypto and mining-related opportunities involves significant risks, including the potential loss of capital. It is possible to lose all your capital. These products may not be suitable for everyone, and you should ensure that you understand the risks involved. Seek independent advice if necessary. Speculate only with funds that you can afford to lose. Readers are strongly encouraged to conduct their own research and consult with a qualified financial advisor before making any investment decisions. However, due to the inherently speculative nature of the blockchain sector—including cryptocurrency, NFTs, and mining—complete accuracy cannot always be the media platform nor the publisher shall be held responsible for any fraudulent activities, misrepresentations, or financial losses arising from the content of this press release. In the event of any legal claims or charges against this article, we accept no liability or responsibility. Globenewswire does not endorse any content on this page. Legal Disclaimer: This media platform provides the content of this article on an 'as-is' basis, without any warranties or representations of any kind, express or implied. We assume no responsibility for any inaccuracies, errors, or omissions. We do not assume any responsibility or liability for the accuracy, content, images, videos, licenses, completeness, legality, or reliability of the information presented herein. Any concerns, complaints, or copyright issues related to this article should be directed to the content provider mentioned above. A photo accompanying this announcement is available at Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.
Yahoo
7 hours ago
- Yahoo
Should You Invest $1,000 in XRP Today?
XRP has been a strong performer in the crypto sector since Trump won the election. The token's main use case is for cross-border payments. Ripple, the company behind XRP, has been very active this year in continuing to build out its business. 10 stocks we like better than XRP › Aside from Bitcoin, few cryptocurrencies have benefited more than XRP (CRYPTO: XRP) from President Donald Trump's election win back in November. Now the fourth-largest cryptocurrency in the world by market value, XRP has blasted more than 330% higher (as of June 5). Trump's win ushered in a new regulatory regime for cryptocurrencies, one less focused on caution and more focused on growth. The win also removed several regulatory headwinds for XRP. After experiencing such a strong run built on several strong catalysts, should you still invest $1,000 in XRP today? The big catalyst for XRP was getting the U.S. Securities and Exchange Commission (SEC) off its back. In 2020, the SEC sued Ripple, the company behind XRP, as well as Ripple co-founder Chris Larsen and Ripple's current Chief Executive Officer Brad Garlinghouse, for selling XRP as an unregistered security back in 2013. Investors viewed the case as a big deal because it could have set a precedent for the SEC's regulatory jurisdiction over many cryptocurrencies. While Ripple appeared to get a partial victory in 2023 when a federal judge ruled that sales of XRP to retail investors did not constitute sales of unregistered securities, the SEC appealed the case. Only after Trump won the presidential election, eventually leading to the resignation of SEC Chair Gary Gensler, did the lawsuit eventually end, removing a big overhang for Ripple and XRP. With the lawsuit now in the rear view, Ripple has been able to focus on its cross-border payments business, which leverages XRP, to help businesses move money globally more efficiently. Furthermore, Ripple launched its own stablecoin, called RLUSD. XRP can also benefit from RLUSD because it serves as a bridge currency, helping people who want to transfer other currencies to RLUSD and vice versa. Ripple also paid $1.25 billion to acquire prime broker Hidden Road in one of the largest acquisitions made in the crypto industry. Management believes the move could accelerate institutional adoption. Ripple also said that Hidden Road will eventually move post-trade activity to the XRP ledger to streamline operations and reduce costs, aiming to make XRP's ledger the main blockchain network for institutional decentralized finance. Ripple could also potentially serve customers of Hidden Road seeking digital asset custody, similar to what a bank offers. Other potential catalysts include the future launch of spot price XRP exchange-traded funds (ETFs), which actually buy and store cryptocurrencies and then sell shares based on how much they own, with the goal of tracking a cryptocurrency's price. Ripple could also go public at some point. While Garlinghouse has said the company is not interested in doing this right now, it could still happen at some point. Cryptocurrencies are hard to value because they don't generate cash flow and earnings and trade heavily on momentum and on broader sentiment about the sector. The good news is that XRP has a compelling use case in its ability to process 1,500 transactions per second, making it an ideal blockchain and token for cross-border payments. The bad news is that there are competitors that can also process lots of transactions per second. But XRP is part of a growing ecosystem within Ripple, which now has its own stablecoin and a huge prime broker, on top of the existing bank clients. This could give XRP a leg up in becoming the preferred token for institutions conducting cross-border payments. For this reason, I think XRP is worth a small, speculative investment, but I wouldn't invest too heavily in the token just yet because it's still too volatile. Consider how much $1,000 means to you financially when investing in XRP. If it's a big part of your portfolio, it's prudent to invest less. If you can invest $1,000 and not worry too much about losing it, then definitely invest because, long term, XRP could have a ton of upside. Before you buy stock in XRP, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the for investors to buy now… and XRP wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $674,395!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $858,011!* Now, it's worth noting Stock Advisor's total average return is 997% — a market-crushing outperformance compared to 172% for the S&P 500. Don't miss out on the latest top 10 list, available when you join . See the 10 stocks » *Stock Advisor returns as of June 2, 2025 Bram Berkowitz has positions in Bitcoin and XRP. The Motley Fool has positions in and recommends Bitcoin and XRP. The Motley Fool has a disclosure policy. Should You Invest $1,000 in XRP Today? was originally published by The Motley Fool Fehler beim Abrufen der Daten Melden Sie sich an, um Ihr Portfolio aufzurufen. Fehler beim Abrufen der Daten Fehler beim Abrufen der Daten Fehler beim Abrufen der Daten Fehler beim Abrufen der Daten
Yahoo
10 hours ago
- Yahoo
Crypto Treasury Companies Are Bullish on Bitcoin and XRP. But Don't Invest.
Start-ups are piling Bitcoin and XRP onto their balance sheets for a few reasons. It's questionable whether their shareholders are getting any value. Owning these assets directly is probably the safer option. 10 stocks we like better than Bitcoin › Strategy (NASDAQ: MSTR) (formerly called MicroStrategy) famously pioneered the Bitcoin (CRYPTO: BTC) treasury concept, buying the crypto and holding it on the company's balance sheet. Now, a crop of start-ups promises to provide the same kind of leveraged exposure to select digital assets for anyone willing to buy their shares. But before you hand any treasury operator a dime, it's important to look at who really captures the value they're advertising, and to understand how the existence of these companies might be favorable for the coins you hold. In a nutshell, crypto treasury companies are businesses that accumulate cryptocurrency assets such as Bitcoin and XRP (CRYPTO: XRP) on their corporate balance sheets. Their aim is to provide investors with indirect exposure to these digital assets while theoretically offering some diversification or additional value compared to investors just buying and holding the main underlying asset. They are a very recent phenomenon, and most will probably not survive even if their main assets do fine during the next decade or so. Over the last quarter, at least five companies launched or pivoted to stockpiling coins as their main strategy, or as a pillar of their financing strategy for their other lines of business. Hong Kong-based logistics group Reitar Logtech Holdings just filed to buy as many as 15,000 Bitcoins, worth roughly $1.5 billion at today's prices. Another company, Twenty One Capital, wants to procure 42,000 Bitcoins, enough to rank third worldwide among corporate holders. Renewable energy player VivoPower International raised $121 million to start a $100 million XRP purchase program. Two smaller private firms announced their intent to form XRP reserves within 24 hours of that deal. More might be on the way. But why are these assets so appealing to hold, and why would investors want to buy shares of a business that only manages assets they don't have any control over? In short, chief financial officers are seeing that low yields on relatively safe assets they already hold, like U.S. Treasuries, look even punier in comparison to the meteoric run-up in prices for assets like XRP and Bitcoin during the past 10 years. They likely figure that a small coin allocation offers a hedge against inflation, without as much risk as an investment in stocks -- though it's not clear that they're correct on that latter point. Furthermore, buying and holding cryptocurrencies means that a company doesn't have to take on any risk of making capital investments in value-generating equipment, nor put hardly any of their operational expenses toward labor, like most companies do. The catch is that every one of these new crypto treasury companies is banking on the same set of assets, and the same infrastructure to support them. Therefore, none of them have any economic moat, nor do they have any competitive advantage. And that means that over the long term, they are more likely to be bad investments than the assets they hold. For example, VivoPower's deal depends on BitGo for cold storage of its coins. Reitar's prospectus lists Coinbase Prime and Anchorage Digital as backup custodians. Insurance, auditing, chain attestations, and cold-storage logistics are effectively off-the-shelf services, which makes them great for operational security, but terrible for outperforming competitors. In other words, if you invest in these crypto treasury businesses, you are paying a premium for coin exposure that's being diluted by the company's need to pay overhead. A skeptical investor might also ask whether picking up shares in these crypto warehouses is safer than holding coins directly. The answer is "not really." Balance-sheet leverage not only amplifies the upside, but also the downside if prices swoon, leaving investors with losses. On the brighter side, assuming that demand from crypto treasury adopters keeps rising, the existence of supply scarcity favors buying and holding the coins themselves. Twenty One's goal of 42,000 Bitcoins alone is equivalent to almost 93 days of global Bitcoin mining issuance. Add Reitar, VivoPower, and a dozen smaller imitators, and the circulating float of coins available for public trading will shrink. None of that accrues uniquely to the corporate holders; it accrues to the protocol. Therefore, the easiest way to surf the wave here is to buy and hold a disciplined position in the digital assets these companies chase. Lastly, remember that volatility cuts both ways. If these crypto treasuries are forced to dump their coins to meet margin calls, prices can swing more violently than what's normal for crypto. Over long time horizons, assuming scarcity and consistent adoption remain intact, equity holders will be forced to eat management fees, dilution, and execution risk that they did not bargain for, whereas those who simply hold the coins won't need to pay for any extras whatsoever. Before you buy stock in Bitcoin, consider this: The Motley Fool Stock Advisor analyst team just identified what they believe are the for investors to buy now… and Bitcoin wasn't one of them. The 10 stocks that made the cut could produce monster returns in the coming years. Consider when Netflix made this list on December 17, 2004... if you invested $1,000 at the time of our recommendation, you'd have $674,395!* Or when Nvidia made this list on April 15, 2005... if you invested $1,000 at the time of our recommendation, you'd have $858,011!* Now, it's worth noting Stock Advisor's total average return is 997% — a market-crushing outperformance compared to 172% for the S&P 500. Don't miss out on the latest top 10 list, available when you join . See the 10 stocks » *Stock Advisor returns as of June 2, 2025 Alex Carchidi has positions in Bitcoin. The Motley Fool has positions in and recommends Bitcoin and XRP. The Motley Fool has a disclosure policy. Crypto Treasury Companies Are Bullish on Bitcoin and XRP. But Don't Invest. was originally published by The Motley Fool Sign in to access your portfolio
