Ripple has reported a serious attack on the Ripple Ledger (XRP Ledger) supply chain. The vulnerability targeted only Defi wallets using the official xrpl.js package via Node Package Manager (NPM). The extent of user assets stolen in this complex attack is still unclear, but Ripple has removed the infected versions of this package. This attack was first identified by the blockchain security company Aikido. Although it didn’t directly impact the Ripple Ledger, it has put many users at risk due to its spread through official Ripple channels. For instance, Defi wallets on the Ripple Ledger hold around $80 million in assets, and even access to a portion of this amount could result in a significant theft. On the other hand, if NPM, as a software distribution system, is compromised, it can affect thousands of applications. Injecting malicious code into a popular package can inadvertently introduce malware to any developer who installs or updates it. Finally, the Ripple Ledger Foundation has disabled the infected versions of this package and large Defi wallets are not at risk. A comprehensive report detailing this attack will also be released soon.
