How the xrpl.js library was hacked and why it threatened Bitcoin security. A serious attack on the supply chain in the xrpl.js JavaScript library: details and consequences for the XRP Ledger

The XRP Ledger Foundation has identified and responded quickly to a serious vulnerability in the official JavaScript library for interacting with the XRP Ledger blockchain network that could have led to the theft of cryptocurrency from users’ wallets. The incident relates to the widely used open-source xrpl.js package, which serves as a developer toolkit and is integrated into hundreds of thousands of apps and websites in the XRP Ledger ecosystem.

The essence of the vulnerability is that the attackers, acting in a sophisticated and covert manner, introduced malicious code into several versions of the library, creating a so-called “backdoor” – a hidden mechanism that allows them to steal private keys, seed phrases and mnemonics needed to manage XRP cryptocurrency wallets, and then gain full access to them. This backdoor transmitted stolen data via HTTP POST requests to the attackers’ server with an address disguised as advertising traffic, which made it difficult to detect the attack.

Blockchain security experts at Aikido Security were the first to identify and detail the attack in a blog post on April 22, 2025. They noted that an attacker using the nickname “mukulljangid” released five infected versions of the xrpl.js library through the npm package manager over several days; these releases did not appear in the official GitHub repository, which raised suspicion among the experts. The affected releases were 4.2.1–4.2.4 and v2.14.2, each carrying malicious code for stealing private keys.

The XRP Ledger Foundation quickly responded by updating its code repository and recommending that all developers and projects immediately upgrade to the latest secure version of the xrpl.js library, 4.2.5, in which the backdoor has been removed. The organization also emphasized that the vulnerability only affected the tooling for interacting with the network, and not the XRP Ledger blockchain itself or its source code on GitHub. The bug is an example of a supply chain attack, which is potentially catastrophic for the crypto ecosystem given the scale of the compromised library.

Several key projects in the XRP ecosystem, including XRPScan, First Ledger, Gen3 Games, and Xaman Wallet, have confirmed that they were not affected by the attack, indicating that the vulnerability was discovered and mitigation measures were in place. However, users and developers are urged to rotate their private keys and disable master keys on accounts in cases of potential compromise.

In parallel with the security breach news, the XRP market has shown resilience, with the Ripple token (XRP) up over 3.5% in the US as of April 22, and the market cap over $125 billion with a fully diluted value of around $215 billion. This shows investor confidence and the project’s promise despite the temporary challenges.

XRP Ledger, created in 2012, is one of the oldest and most established blockchain networks focused on payment solutions and decentralized finance (DeFi) applications for institutional users. In recent months, the XRP Ledger network has gained attention due to a more favorable regulatory environment in the United States and institutional investors’ desire to integrate the network’s tokens. One of the most important developments was the listing of XRP futures contracts on the Coinbase exchange on April 21, 2025, which further stimulates the development of the ecosystem.

Thus, the discovery and fix of the vulnerability in the xrpl.js library was an indicator of the rigor and promptness of security measures in the XRP Ledger infrastructure. This incident highlights how important it is for the crypto community to closely monitor the state of the software supply chain and update components in a timely manner in order to prevent losses and maintain trust in digital assets and technologies.

Key facts:

  • A vulnerability has been discovered in the official JavaScript library xrpl.js for working with XRP Ledger.
  • Attackers have introduced a backdoor that allows them to steal private keys and gain access to crypto wallets.
  • Aikido Security specialists detected the attack on April 22, 2025.
  • Infected library versions included 4.2.1–4.2.4 and v2.14.2.
  • The XRP Ledger Foundation has updated the library to version 4.2.5 and removed compromised releases.
  • The incident did not affect the core codebase or the XRP Ledger network.
  • It is recommended to rotate keys and disable master keys if there is any suspicion.
  • Large ecosystem projects have confirmed that the attack has had no impact.
  • The XRP token has seen price growth and institutional acceptance amid the incident.
  • XRP Ledger is one of the oldest blockchain networks, actively developing in the field of DeFi and payments.

This case is an important example of the community’s strengthening security and preparedness in dealing with threats in the crypto industry.

The vulnerability in the xrpl.js library was caused by the compromise of the credentials of a developer who had access to publish the package in the npm manager. On April 21, 2025, an attacker under the nickname “mukulljangid” published several versions of the popular JavaScript library xrpl.js (versions 2.14.2, 4.2.1, 4.2.2, 4.2.3 and 4.2.4), into which malicious code was secretly injected. This code created a “backdoor” – a hidden mechanism for stealing private keys, seed phrases and other data from XRP users’ wallets. The collected information was transmitted to the attackers’ servers, which could lead to the theft of funds from wallets. 6

The xrpl.js library is the official and widely used JavaScript tool for interacting with the XRP Ledger blockchain, allowing developers to create applications that handle cryptocurrency transfers, wallet transactions, and other blockchain logic. The library had been downloaded over 140,000 times in the week prior to the incident, and is integrated into many projects and services in the XRP ecosystem, making the attack dangerous and potentially catastrophic for the cryptocurrency ecosystem. 5

It is important to emphasize that the vulnerability affected only the xrpl.js library, and not the XRP Ledger blockchain itself and its source code on the official GitHub repository. The code base and network remained secure, eliminating the possibility of directly compromising the network. The vulnerability is a typical example of a supply chain attack, in which an attacker infects a widely used dependency to indirectly hack end users. 6

The malicious code in the packages was quickly discovered by security experts from Aikido Security, who reported the incident on April 22, 2025, detailing the attack and methods of stealthily introducing the backdoor. On their recommendation and the action of the XRP Ledger Foundation, the compromised versions were removed from npm, and a secure version 4.2.5 was developed and released for all users, which eliminated the vulnerability. Projects using the library were strongly recommended to immediately update it to a secure version, rotate private keys, and disable master keys in case of a risk of compromise. 6

To answer the second part of the question: this type of vulnerability does not directly relate to Bitcoin and does not pose a threat to it, since the vulnerability arose in the xrpl.js library, which is designed to work only with the XRP Ledger network. Bitcoin uses a completely different technological infrastructure, its own protocols and software. Bitcoin’s cryptographic security does not depend on the XRP Ledger code or libraries. The vulnerability associated with the supply chain attack in this particular case affects only the XRP ecosystem and those who use the infected library to interact with this network.

However, this attack serves as a demonstration of the dangers of supply chain attacks in the crypto industry in general — similar techniques could be applied to other projects, including Bitcoin-focused tools, if attackers gain access to the relevant repositories or packages. Therefore, it is important to pay close attention to the security of all dependencies, regularly update libraries and software, and apply best practices for key management. 6

Key facts:

  • The vulnerability was caused by a compromise of the npm account of the xrpl.js developer and the introduction of a backdoor into versions 2.14.2, 4.2.1–4.2.4 of the library.
  • The malware stole private keys and seed phrases from XRP users and transmitted them to the attackers.
  • The vulnerability only affects the xrpl.js library, and does not affect the XRP Ledger blockchain, much less Bitcoin.
  • The incident was identified and resolved quickly: compromised versions were removed from npm, and a secure version 4.2.5 was released.
  • Victims are advised to update, change private keys and disable master keys.
  • The attack is an example of the dangers of supply chain attacks in the crypto industry, reminding us of the importance of cybersecurity across the entire software ecosystem.

Thus, the vulnerability in the xrpl.js library was caused by a compromise of the publishing infrastructure and poses a threat only to the XRP Ledger ecosystem, without directly affecting the security of Bitcoin, but is a general illustration of the risk of supply chain attacks in the crypto world. 6


  1. “A Dangerous Vulnerability in xrpl.js Library Has Been Discovered and Fixed: Impact on the XRP Ecosystem and Cryptocurrency Security”
  2. “A Serious Supply Chain Attack in JavaScript Library xrpl.js: Details and Implications for XRP Ledger”
  3. “How the xrpl.js library was hacked and why it does not threaten Bitcoin’s security”
  4. “xrpl.js vulnerability exposed: XRP key theft and security lessons for the crypto industry”
  5. “Experts have identified a backdoor in the official XRP library – threats, measures and impact on the cryptocurrency market”

Here is a selection of articles and materials that cover in detail the vulnerability in the xrpl.js library related to the attack on the XRP Ledger ecosystem in 2025, as well as aspects of supply chain security in the crypto industry:

  1. “Ripple’s recommended library xrpl.js compromised by supply chain attack”
    Detailed analysis of the incident with malicious code in versions 2.14.2, 4.2.1–4.2.4, published via npm, including recommendations for response and links to official documents on protecting XRP Ledger accounts. The vulnerability assessment is CVE-2025-32965 with a high risk level.
    Source: Xakep.ru (2025) 1
  2. “XRP Ledger Fixed a Vulnerability in the XRPL JavaScript Library”
    Summary of the incident, description of the identified threat, measures taken by the XRP Ledger Foundation, and the impact of the incident on the XRP token market. It is noted that major projects in the ecosystem remained unaffected.
    Source: Holder.io (2025) 2
  3. “Hacker Attacks XRP Owners via JavaScript Library”
    Technical analysis of the attack, the actions of the attacker, analysis of the code with the backdoor, and prompt measures of the community and funds to protect users. The importance of updating to version 4.2.5 is emphasized.
    Source: Forklog.com (2025) 3
  4. “XRP Ledger Foundation Urges Update Due to Potential Vulnerability”
    The foundation’s official statement calling for an urgent library update to prevent a “potentially catastrophic” attack on the cryptocurrency infrastructure supply chain.
    Source: Binance.com (2025) 4
  5. “Cryptocurrency Influx of $6 Million and Vulnerability in XRP Ledger JavaScript Library”
    A journalistic investigation with vulnerability analysis, comments from security experts, feedback from ecosystem projects, and the consequences of the incident for users.
    Source: Minfin.com.ua (2025) 5
  6. “Hacker Breaks Ripple’s XRP JavaScript Library in Supply Chain Attack”
    A description of the extent of the library’s use, when the malicious code was introduced, and the foundation’s prompt response. The article examines the technical details and cybersecurity recommendations.
    Source: Yellow.com (2025) 6
  7. Analytical and review articles on supply chain attacks in the crypto industry, including similar cases in other blockchain projects and risks to the security of users and developers. For example, analysis of the mechanisms and consequences of supply chain attacks for open-source crypto libraries.

The XRP Ledger Foundation has discovered and quickly fixed a serious vulnerability in the official JavaScript library xrpl.js, widely used to interact with the XRP Ledger blockchain network. The vulnerability posed a security threat to users and developers of the XRP ecosystem, as attackers had introduced hidden malicious code (backdoor) into several versions of the library, which could lead to the theft of private keys and funds from crypto wallets.

The gist of the incident

On April 21, 2025, an attacker using the nickname “mukulljangid” who gained access to the npm account of the xrpl.js developer released five infected versions of the package: 2.14.2, 4.2.1, 4.2.2, 4.2.3 and 4.2.4. These versions were secretly injected with malicious functionality that allowed them to steal private keys, seed phrases and other sensitive data from users by transmitting them to the attackers’ server. The xrpl.js package is the official SDK for interacting with the XRP Ledger and is downloaded more than 140 thousand times per week, which made the scale of the threat extremely serious. 3

Detection and response

The vulnerability was identified by security experts at Aikido Security, who published a technical analysis of the incident on April 22 and urged all users to urgently update the library. In response, the XRP Ledger Foundation immediately removed the compromised versions from npm and released a secure version 4.2.5, recommending an urgent transition to it, as well as rotating private keys and, if necessary, disabling account master keys to minimize the risk of loss. 4

It is important to emphasize that the vulnerability only affected the xrpl.js library used as a tool by developers, and not the XRP Ledger blockchain itself or its source code in the official GitHub repository. This eliminates the possibility of direct hacking or damage to the XRP Ledger network. 3

Impact on the ecosystem and security

Despite the scale of the incident, key ecosystem projects such as XRPScan, First Ledger, Gen3 Games, and Xaman Wallet confirmed that they were not affected. However, the attack was a prime example of the dangers of supply chain attacks in the crypto industry — when attackers infect widely used libraries to bypass end-user protections indirectly. This highlights the importance of strict component security controls and timely dependency updates across all crypto projects. 6

Amid these developments, the XRP cryptocurrency has shown resilience, with its price up more than 3.5% at press time and its market cap remaining above $125 billion, indicating investor confidence in the XRP ecosystem despite the temporary challenges. 5

Conclusions and recommendations

  • The xrpl.js incident is a clear example of how supply chain attacks can threaten the security of crypto communities and users.
  • The quick response of the XRP Ledger Foundation and Aikido Security specialists helped minimize the damage and prevent the large-scale spread of malicious code.
  • Developers and users urgently need to update the library to version 4.2.5, rotate private keys and disable master keys if there is a suspicion of compromise.
  • Modern crypto infrastructure remains vulnerable to such attacks through third-party dependencies, requiring continued attention to cybersecurity and strong key management practices.

Thus, the discovery and fixing of the vulnerability in the xrpl.js library was an important event for the XRP Ledger ecosystem and the entire crypto community, demonstrating the need to improve supply chain security standards and protect users’ private data.

Sources:

Xakep.ru, “Ripple’s Recommended Library xrpl.js Compromised in Supply Chain Attack”, April 2025 1
Holder.io, “XRP Ledger Patches XRPL JavaScript Library Vulnerability”, April 2025 2
Forklog.com, “Hacker Attacks XRP Owners via JavaScript Library”, April 2025 3
Binance.com, “XRP Ledger Foundation Urges Update Due to Potential Vulnerability”, April 2025 4
Minfin.com.ua, “$6 Million Capital Influx into Crypto Products and Vulnerability in XRP Ledger JavaScript Library”, April 2025 5
Yellow.com, “Hacker Hacks Ripple’s XRP JavaScript Library in Supply Chain Attack”, April 2025 6

A vulnerability in the xrpl.js library has significantly impacted the security of XRP users due to the risk of compromising the private keys of their crypto wallets. Malicious code, secretly introduced by an attacker into several versions of the xrpl.js library, allowed the theft of confidential user data – private keys, seed phrases and other secrets – and sending them to the attackers’ servers. This could lead to unauthorized access to XRP wallets and withdrawal of funds without the permission of the owners. 3

Since the xrpl.js library is widely used by developers to interact with the XRP Ledger network and is integrated into hundreds of thousands of applications, the scale of potential damage was significant, especially if infected versions were installed in applications that manage users’ crypto accounts. The attack is an example of a “supply chain attack,” where attackers inject malicious code into a widely used component, allowing them to indirectly attack end users and their assets. 4

However, it is important to note that the XRP Ledger network itself, its blockchain, and the official source code on GitHub were not affected by the vulnerability, which eliminates the possibility of hacking or damaging the decentralized network itself. The threat is limited to those cases where vulnerable versions of the library were used. 5

In response to the discovery of the vulnerability, Aikido Security immediately reported the issue, and the XRP Ledger Foundation quickly removed the compromised versions from the npm package manager and released a secure version of xrpl.js 4.2.5. Users and developers were urged to urgently update libraries, rotate private keys, and, if necessary, disable the master keys of their accounts to prevent possible theft. 5

Thus, the impact of the vulnerability on the security of XRP users is expressed as follows:

  • Potential risk of losing private keys and control over crypto wallets when using infected versions of the library.
  • The need for urgent preventive measures: updating libraries, changing keys and paying closer attention to application security.
  • The support and timely response from the XRP Ledger Foundation and experts ensured rapid local control of the incident, minimizing the damage.
  • Demonstrating the importance of combating supply chain attacks and the need for continuous monitoring and auditing of software in the crypto space.

Overall, thanks to the quick detection and response by the community and the XRP Ledger Foundation, large-scale losses were prevented, but the vulnerability became a serious warning to all cryptocurrency market participants about the risks associated with the use of third-party libraries and components. 5

Key facts about the impact of the vulnerability on the security of XRP users:

  • Malicious code in infected versions of xrpl.js could steal private keys and seed phrases.
  • The threat only affected the library, not the XRP Ledger blockchain itself.
  • A safe version, xrpl.js 4.2.5, was published quickly and the infected packages were removed from npm.
  • Recommendations for immediate updating, key rotation and disabling of master keys.
  • Some major projects in the XRP ecosystem have confirmed that they are not affected.
  • The attack clearly illustrates the risk of attacks on software supply chains in the crypto industry.

The XRP Ledger Foundation responded quickly to the vulnerability in the official JavaScript library xrpl.js, widely used to interact with the XRP Ledger network, by releasing a secure version 4.2.5 and removing the affected packages from the npm manager. This quick and coordinated response minimized potential risks to users and developers of the XRP Ledger ecosystem.

Details of the incident

On April 21, 2025, an attacker who gained access to the npm account of one of the library’s maintainers posted several versions of xrpl.js with malicious code to npm – versions 2.14.2, 4.2.1, 4.2.2, 4.2.3 and 4.2.4. The malicious code was designed to secretly collect and send private keys, seed phrases and other sensitive data from XRP crypto wallets to the attackers’ servers. The xrpl.js library is the official SDK that provides tools for developing applications that work with the XRP Ledger, and it is distributed through npm, where it has a weekly download volume of over 140 thousand times, making the potential scale of damage very high. 6

Quick publication of the corrected version

Already on April 22, 2025, a few hours after the incident was discovered by Aikido Security, the XRP Ledger Foundation released a new secure version of the library — xrpl.js 4.2.5, which completely eliminated the malicious code. At the same time, all infected versions were removed from npm to prevent further distribution and use of the compromised software. 6

The foundation’s official communications emphasized the recommendation for all users and developers to update their projects to the secure version 4.2.5 as soon as possible. It also strongly recommended that private keys be rotated and, for accounts where there is a suspicion of a master key being compromised, that it be disabled to provide additional protection. 6

It is separately noted that the vulnerability affected only the library and had no relation to the source code of the XRP Ledger blockchain itself or the official repository on GitHub, which eliminates the possibility of direct hacking of the network and preserves its integrity. 6

Significance for ecosystem security

This incident is a clear example of a supply chain attack, where attackers infect widely used software to indirectly access end-user data. The rapid release of a patched version of xrpl.js 4.2.5 and the removal of the infected packages demonstrates the importance of rapid response and coordinated work of the security team – which helped protect the XRP ecosystem and users from large-scale losses. 6

Key ecosystem projects such as XRPScan, First Ledger, Gen3 Games and Xaman Wallet have also successfully proven their resistance to attacks, demonstrating a high level of security and the community’s readiness to quickly resolve issues. 6

Recommendations for users

  • Immediately update the libraries you use to xrpl.js version 4.2.5 or later.
  • Rotate private keys and, if possible, disable master keys of accounts.
  • Check the applications and dependencies you use to see if they are using vulnerable versions of the library.
  • Strengthen supply chain security controls and regularly monitor secure version updates.

Thus, the release of the secure version of xrpl.js 4.2.5 and the removal of the infected packages from npm were key steps in neutralizing a serious threat to the security of XRP users, demonstrating the importance and effectiveness of quickly adopted cryptosecurity measures.

The XRP Ledger Foundation has experienced a major supply chain attack on the official xrpl.js JavaScript library, which is widely used by developers to interact with the XRP Ledger blockchain network. The incident, which was discovered in April 2025, demonstrated how vulnerable critical components of crypto application infrastructure can be when the credentials that control the repositories are compromised.

Details of the attack

On April 21, 2025, an attacker gained access to the npm account of one of the developers of the xrpl.js library under the nickname “mukulljangid” and published several hacked versions of the library at once – 2.14.2, 4.2.1, 4.2.2, 4.2.3 and 4.2.4. These versions contained secretly embedded malicious code – the so-called “backdoor”, which made it possible to steal secret user data: private keys, seed phrases and mnemonics of XRP crypto wallets. The theft was carried out by sending this data via HTTP POST requests to the attackers’ servers, disguised as advertising traffic with the User-Agent header “ad-refferal”, which made it difficult to detect the attack.

The xrpl.js library is the official Software Development Kit (SDK) from the XRP Ledger Foundation, which provides functions for creating applications that interact with the XRP Ledger, including token transfers and working with crypto wallets. The library was downloaded more than 140,000 times in the week before the attack, making the potential scale of the threat extremely high.

Reaction and consequences

As early as April 22, 2025, security researchers from Aikido Security discovered the attack and publicly reported it. On the same day, the XRP Ledger Foundation promptly removed the infected versions from the npm package manager and released a secure version of the xrpl.js 4.2.5 library, completely cleared of malicious code. All developers and users were strongly advised to migrate to this secure version immediately.

In addition, the foundation recommended mandatory rotation of private keys, and in case of potential compromise, disabling master keys of accounts to limit the risk of theft. Some major projects in the XRP ecosystem, such as XRPScan, First Ledger, Gen3 Games, and Xaman Wallet, have confirmed that their services were not affected by the attack, which indicates a timely response and a high level of community preparedness.

It is important to note that this vulnerability only affected the xrpl.js library and had no effect on the source code or the XRP Ledger network itself, which remained secure and intact. This eliminates the possibility of a direct hack of the blockchain, but highlights the vulnerability of the entire crypto industry to attacks on the software supply chain.

Technical analysis of the attack

The malicious activity was concentrated in the file /src/index.ts, in a function checkValidityOfSeed that, when checking the data, secretly sent confidential information about the keys to the attackers’ server. Disguising the requests as advertising traffic made it difficult to detect unusual activity in network logs.

The vulnerability identifier CVE-2025-32965 was rated with a severity level of 9.3 out of 10 on the CVSS scale, indicating the highest severity.
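The exfiltration pattern described above (HTTP POST requests carrying the User-Agent “ad-refferal”) can be hunted for in egress proxy logs. The following is an added example, not code from the original article, Aikido Security or the XRP Ledger Foundation; the JSON-lines log schema, the host names and the destination collector.example are constructed assumptions.

```javascript
// Added example: list internal hosts that sent HTTP POSTs with the User-Agent
// the article attributes to the xrpl.js backdoor.
// Assumption: the egress proxy writes one JSON object per line with the
// fields ts, src, method, url and user_agent.
const BACKDOOR_UA = 'ad-refferal';

// Constructed sample log (host names and destinations are placeholders).
const SAMPLE_PROXY_LOG = [
  '{"ts":"2025-04-22T09:14:03Z","src":"build-agent-07","method":"POST","url":"https://collector.example/ingest","user_agent":"ad-refferal"}',
  '{"ts":"2025-04-22T09:14:05Z","src":"build-agent-07","method":"GET","url":"https://registry.npmjs.org/xrpl","user_agent":"npm/10.5.0 node/v20.11.0"}',
  '{"ts":"2025-04-22T09:20:41Z","src":"wallet-api-02","method":"POST","url":"https://collector.example/ingest","user_agent":"ad-refferal"}',
  '{"ts":"2025-04-22T09:21:10Z","src":"wallet-api-02","method":"POST","url":"https://api.partner.example/v1/payments","user_agent":"axios/1.6.8"}',
  '-- log rotated --',
  '{"ts":"2025-04-22T09:31:12Z","src":"build-agent-07","method":"POST","url":"https://collector.example/ingest","user_agent":"ad-refferal"}',
].join('\n');

function findExfilCandidates(logText) {
  const bySource = new Map();
  let skipped = 0;

  for (const line of logText.split('\n')) {
    if (!line.trim()) continue;

    let rec;
    let dest;
    try {
      rec = JSON.parse(line);
      dest = new URL(rec.url).host;
    } catch (err) {
      skipped += 1; // malformed record: count it so coverage gaps stay visible
      continue;
    }

    const isPost = String(rec.method).toUpperCase() === 'POST';
    const ua = String(rec.user_agent || '').trim().toLowerCase();
    if (!isPost || ua !== BACKDOOR_UA) continue;

    let finding = bySource.get(rec.src);
    if (!finding) {
      finding = {
        src: rec.src,
        count: 0,
        firstSeen: rec.ts,
        lastSeen: rec.ts,
        destinations: new Set(),
      };
      bySource.set(rec.src, finding);
    }
    finding.count += 1;
    // ISO 8601 UTC timestamps sort correctly as plain strings.
    if (rec.ts < finding.firstSeen) finding.firstSeen = rec.ts;
    if (rec.ts > finding.lastSeen) finding.lastSeen = rec.ts;
    finding.destinations.add(dest);
  }

  const findings = [...bySource.values()].map((f) => ({
    ...f,
    destinations: [...f.destinations].sort(),
  }));
  return { findings, skipped };
}

console.log(JSON.stringify(findExfilCandidates(SAMPLE_PROXY_LOG), null, 2));
```

A User-Agent string is trivial to change, so an empty result does not clear a host; any host that installed one of the affected versions still needs its keys rotated.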

Implications for the XRP Ledger Ecosystem

  • Affected versions of xrpl.js could lead to the compromise of private keys and theft of funds from users’ wallets.
  • Despite the incident, the price of XRP on the market did not fall, which reflects investor confidence and the sustainability of the project.
  • A quick response made it possible to neutralize the spread of the infected code and prevent large-scale financial losses.
  • An important topic has been raised regarding the vulnerability of software supply chains in the cryptocurrency space, which requires increased monitoring and auditing of third-party dependencies.

Recommendations for users and developers

  • Urgently update the xrpl.js library to version 4.2.5 or higher.
  • Rotate all private keys and disable master keys on accounts that may be at risk.
  • Check the applications you use for vulnerable versions of the library and replace them.
  • Strengthen supply chain security monitoring and integrate regular code and dependency audit processes.

Thus, the supply chain attack in the JavaScript library xrpl.js became an important warning for the entire crypto industry, showing how the compromise of one component can threaten the security of users and developers. The immediate response of the community and the XRP Ledger Foundation minimized the damage and demonstrated the importance of operational cyber risk management in modern software.

The XRP Ledger Foundation and security experts have identified a serious security vulnerability in the official JavaScript library xrpl.js, which is widely used to interact with the XRP Ledger blockchain network. As part of a supply chain attack, hidden malicious code was injected into several versions of the library – a backdoor that could steal users’ private keys and seeds, jeopardizing the security of their cryptocurrency wallets and assets.

Details of the incident

  • On April 21, 2025, an attacker using the credentials of one of the library maintainers published infected versions of xrpl.js via the npm package manager: 2.14.2, 4.2.1, 4.2.2, 4.2.3, and 4.2.4. The code in these versions included a function called “checkValidityOfSeed” that secretly sent private keys and other sensitive user information to an external server of the attackers, disguising it as advertising traffic (User-Agent “ad-refferal”).
  • The xrpl.js library serves as the primary toolkit for developers building applications and services that interact with the XRP Ledger network. It was downloaded over 140,000 times in the week leading up to the attack, highlighting the scale of the potential threat to the XRP ecosystem.
  • Security experts from Aikido Security were the first to record the incident on April 22, 2025, and published a technical analysis of the malware, calling for an immediate update.
  • The XRP Ledger Foundation promptly removed the infected versions from npm and released a clean and secure version of xrpl.js 4.2.5, recommending that all users urgently update and rotate their private keys, and if they suspect a compromise, disable their account master keys.
  • The vulnerability was strictly limited to the xrpl.js library and did not affect the main XRP Ledger blockchain or the network’s GitHub repository, eliminating the possibility of a direct hack of the blockchain itself.

Threats and implications for users and the market

  • The malicious code created a real risk of unauthorized access to XRP users’ wallets and potential withdrawal of funds. The prevalence of the library made the attack a large-scale threat to the crypto ecosystem.
  • Despite the severity of the incident, most key XRP projects, including Xaman Wallet, XRPScan, First Ledger, and Gen3 Games, have confirmed that they were not affected, indicating a timely response and readiness of the ecosystem.
  • The XRP market has shown resilience, with the token price rising by more than 3.5% and the market cap remaining above $125 billion, reflecting investor confidence and the stability of the project.
  • The case vividly demonstrated the dangers of attacks on software supply chains, where the compromise of one component can put many users and services at risk.

Measures taken to neutralize the threat

  • The rapid discovery of the vulnerability by Aikido Security experts and the prompt response of the XRP Ledger Foundation were key factors in limiting the damage.
  • Removing the infected versions from npm and releasing a secure version of xrpl.js 4.2.5 protects users from further attacks.
  • Recommended rotation of private keys and disabling of master keys prevents potential use of already compromised data.
  • The ecosystem and developers have learned a powerful lesson about the importance of supply chain security controls and continuous dependency auditing.

Conclusions

The discovery and removal of a backdoor in the official xrpl.js library was a significant event for the security of the XRP ecosystem and the crypto industry as a whole. The attack showed how a vulnerability in one popular component can affect a wide range of users and services, highlighting the need for strong security measures, rapid response, and continued attention to software supply chain security.

Key facts:

  • A backdoor was introduced into the xrpl.js library, which is officially maintained by the XRP Ledger Foundation, in order to steal private keys.
  • Infected versions: 2.14.2, 4.2.1–4.2.4.
  • The malicious code sent keys to the attackers’ servers, disguised as advertising traffic.
  • The attack was confirmed by Aikido Security specialists and received the identifier CVE-2025-32965 with a high risk level (9.3/10).
  • The XRP Ledger Foundation has released a secure version 4.2.5 and removed the infected packages from npm.
  • Users are advised to urgently update the library and take measures to protect keys.
  • The vulnerability does not affect the main XRP Ledger blockchain.
  • Major ecosystem projects were not affected by the attack.
  • The cryptocurrency market has remained stable, demonstrating confidence in the ecosystem.
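
The affected version numbers in the list above are enough to audit a project's npm lockfile for a backdoored copy, including nested and aliased installs. This is an added example, not code from the XRP Ledger Foundation or Aikido Security; the sample lockfiles and the package names `wallet-kit` and `ledger-client` are constructed for illustration.

```javascript
// Versions the article lists as infected (2.14.2, 4.2.1-4.2.4).
const COMPROMISED_XRPL = new Set(["2.14.2", "4.2.1", "4.2.2", "4.2.3", "4.2.4"]);

// Lockfile v2/v3: flat "packages" map keyed by install path,
// e.g. "node_modules/a/node_modules/xrpl". The key "" is the root project.
function scanPackagesMap(packages) {
  const hits = [];
  for (const [path, meta] of Object.entries(packages)) {
    const idx = path.lastIndexOf("node_modules/");
    if (idx === -1) continue;
    const installedAs = path.slice(idx + "node_modules/".length);
    // An aliased install keeps the real package name in meta.name.
    const realName = meta.name || installedAs;
    if (realName === "xrpl") hits.push({ path, version: meta.version });
  }
  return hits;
}

// Lockfile v1: nested "dependencies" tree keyed by package name.
function scanDependencyTree(deps, prefix = "") {
  const hits = [];
  for (const [name, meta] of Object.entries(deps || {})) {
    const path = `${prefix}node_modules/${name}`;
    // v1 records an alias as version "npm:<real-name>@<version>".
    const alias = /^npm:(.+)@([^@]+)$/.exec(meta.version || "");
    const realName = alias ? alias[1] : name;
    const version = alias ? alias[2] : meta.version;
    if (realName === "xrpl") hits.push({ path, version });
    hits.push(...scanDependencyTree(meta.dependencies, `${path}/`));
  }
  return hits;
}

// Returns every installed copy of xrpl with a "compromised" flag.
function findXrplCopies(lockfileText) {
  const lock = JSON.parse(lockfileText);
  const hits = lock.packages
    ? scanPackagesMap(lock.packages)
    : scanDependencyTree(lock.dependencies);
  return hits.map((h) => ({ ...h, compromised: COMPROMISED_XRPL.has(h.version) }));
}

function compromisedPaths(lockfileText) {
  return findXrplCopies(lockfileText).filter((h) => h.compromised).map((h) => h.path).sort();
}

// Constructed sample: the direct dependency is already on 4.2.5, but a
// transitive copy and an aliased copy are still on infected releases.
const SAMPLE_LOCK_V3 = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.5" },
    "node_modules/wallet-kit": { version: "1.0.0" },
    "node_modules/wallet-kit/node_modules/xrpl": { version: "4.2.3" },
    "node_modules/ledger-client": { name: "xrpl", version: "2.14.2" },
  },
});

// Constructed sample in the older v1 layout.
const SAMPLE_LOCK_V1 = JSON.stringify({
  lockfileVersion: 1,
  dependencies: {
    xrpl: { version: "4.2.5" },
    "wallet-kit": { version: "1.0.0", dependencies: { xrpl: { version: "4.2.4" } } },
    "ledger-client": { version: "npm:xrpl@2.14.2" },
  },
});

console.log(compromisedPaths(SAMPLE_LOCK_V3));
console.log(compromisedPaths(SAMPLE_LOCK_V1));
```

For a real project, pass the text of `package-lock.json` to `compromisedPaths`. A clean top-level entry is not sufficient, because a nested or aliased copy can still resolve to an infected release.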

How this attack affects trust in official libraries and the XRP ecosystem

The attack on the official xrpl.js library, despite its seriousness, has sparked a lot of discussion about trust in official libraries and the XRP ecosystem. The key impacts of the incident on trust are as follows:

  • Supply chain risk and vulnerability: The attack demonstrated how vulnerable the infrastructure of critical components in the crypto ecosystem is, even if the blockchain network itself remains untouched. Many users and developers are now more wary of third-party libraries and are careful to ensure that dependencies are updated and secure.
  • Strength and transparency of response: The quick response of the XRP Ledger Foundation and Aikido Security to remove the infected versions from npm and publish a secure version of xrpl.js 4.2.5 significantly mitigated the negative perception. This showed that the ecosystem has mechanisms for promptly detecting and responding to security threats, which strengthens trust in the project.
  • Confirmation of security of key services: Statements from major XRP projects (e.g. XRPScan, Xaman Wallet, etc.) that their services are not affected strengthen user confidence in the reliability of the infrastructure and its readiness for incidents.
  • Increased community vigilance: The incident has spurred the ecosystem to strengthen security practices — regular library audits, mandatory updates to the latest secure versions, key rotation, and increased control over supply chains. This is seen as a positive step toward strengthening security and trust in the long term.
  • Impact on Investor Perception: Despite the hack news, XRP’s price and market cap have remained stable or even increased, indicating continued investor confidence in the Ripple ecosystem.

Overall, the xrpl.js attack incident served as an important lesson for the crypto community and library providers, highlighting the need for strong cybersecurity, rapid response, and ongoing monitoring. While trust may have been weakened in the short term by the threat of key theft, the concerted and transparent actions of the XRP Ledger Foundation team helped maintain and even strengthen faith in the resilience of the ecosystem and official libraries.

Key source of information: Analysis of publications on Yellow.com, Bitrue.com, official XRP Ledger Foundation announcements, and expert commentary from the security community (April 2025). 2

How do incidents like this affect the development of trust in the crypto ecosystem as a whole?

Such incidents involving vulnerabilities and attacks on critical components of the crypto ecosystem have a serious impact on the development of trust in the crypto ecosystem as a whole. Key aspects of such impact include:

  • Awareness of risks and vulnerabilities in software supply chains. Attacks like the backdoor into the official xrpl.js library clearly demonstrate that even official and widely used tools can become entry points for attackers. This raises the awareness of users and developers, encourages increased security controls and code audits, and increases the requirements for dependency reliability. At the same time, such cases send a strong signal that cybersecurity is an ongoing process, not a one-time event.
  • Impact on the perception of stability and reliability of crypto projects. While incidents can initially undermine trust, it is the speed and transparency of the response from development teams and funds that make the difference. Promptly publishing patched versions, removing infected packages, and informing users help mitigate negative feedback and maintain the reputation of projects. This strengthens confidence in the ability of the ecosystem to cope with threats.
  • Strengthening security awareness and practices in the community. Such incidents encourage both end users and experts to more carefully monitor updates, regularly change private keys, audit software components, and implement comprehensive security measures. In the long term, this leads to an increase in the quality of the entire infrastructure and a more mature attitude towards security among participants.
  • Long-term effects on institutional trust and investor attention. Despite local problems, if an ecosystem demonstrates resilience and the ability to quickly address vulnerabilities, investor and institutional interest is maintained or even increased. Trust is built on a combination of factors — technological reliability, governance transparency, regulatory support, and overall perception of security.
  • The importance of transparency and communication. Communities and projects that openly and promptly inform users about risks and measures taken have an advantage in maintaining trust. Confidentiality and secrecy in such matters usually exacerbate mistrust.

In this way, vulnerability incidents serve as a stress test for the crypto ecosystem, revealing weaknesses and stimulating the development of more robust practices and processes. If managed properly, the consequences of negative events can be mitigated and trust strengthened in the long term.

These findings are supported by research and analytical reviews of the cryptocurrency market, which note that building sustainable trust is a long and complex process that requires technical, organizational and communication maturity on the part of all participants in the crypto ecosystem. 6

Why High Volatility and Fraud Are Decreasing Investor Confidence

High volatility and fraud significantly reduce investor confidence for several key reasons:

  • High volatility means sharp and frequent fluctuations in asset prices, which make forecasting difficult and increase the risk of significant losses. Investors fear losses, especially in short-term speculation and volatile markets, and often panic or become overly cautious. Such volatility makes it difficult to create long-term investment strategies, increases trading costs, and encourages manipulation by large players, further undermining market confidence. 10
  • Fraud reduces trust through financial loss and a sense of injustice. When investors fall victim to fraudsters, they not only lose money, but also their faith in the honesty and transparency of the market. Fraudsters often take advantage of the lack of financial literacy and mislead investors, which further damages the reputation of financial and cryptocurrency markets. The lack of ability to effectively recover lost funds increases the negative perception. 8

Together, these factors create an atmosphere of uncertainty and fear, causing investors to be cautious or even leave the market altogether. Volatility is exacerbated by panic selling and hype, while fraud breeds skepticism towards any investment proposals. This leads to a decrease in trading volumes, a decrease in liquidity, and hinders the attraction of long-term investments, which ultimately slows the development and strengthening of financial and crypto ecosystems. 6

Transparency, prompt information and effective anti-fraud measures, as well as the development of financial literacy among investors, play an important role in maintaining trust. Only comprehensive risk management and increased attention to security can help stabilize the market and restore confidence among participants. 5

Thus, high volatility and fraud undermine investor confidence, creating risks of loss and a sense of insecurity, which requires active efforts from the market and regulators to ensure stability and security.


Sources of the main ideas: plusworld.ru, kursiv.media, morpher.com, naufor.ru, veles.finance, cyberleninka.ru, ros-advocat.ru, capital.com. 10

  1. https://plusworld.ru/articles/61593/
  2. https://kz.kursiv.media/2021-12-23/kak-moshennichestvo-rushit-doverie-investorov-k-fondovomu-rynku/
  3. https://www.morpher.com/ru/blog/volatility-drag
  4. https://naufor.ru/tree.asp?n=23290
  5. https://veles.finance/ru/blog/post/what-volatility-explained-simple-terms
  6. https://jomeam.ru/temp/4857f6862158154d5a7b2bf0a11110a4.pdf
  7. https://cyberleninka.ru/article/n/faktory-riska-ispolzovaniya-kriptoaktivov-v-rossii-i-potentsial-dlya-ih-snizheniya
  8. https://ros-advocat.ru/offices/blokchejn-kriptovaljuty-i-juridicheskie-lovushki-kak-ne-stat-zhertvoj-moshennikov/
  9. https://www.kaspersky.ru/blog/trump-memecoins-cybersecurity-advice/39060/
  10. https://capital.com/ru-int/learn/essentials/market-volatility

Sources used:

  1. “Cryptocurrency Market and Trust: A New Approach to Project Evaluation”, BDC Consulting
  2. “Understanding the Impact of Crypto Sentiment on Market Trends,” Morpher.com
  3. “Trust as a foundation”, International Monetary Fund (IMF)
  1. https://bdc.consulting/ru/insights/crypto-trust-rating/the-cryptocurrency-market-and-trust
  2. https://aml.university/d/844tioCCL91oKA5vDZATJjwrb92DS9zXiUTv2kCX
  3. https://cbr.ru/Content/Document/File/132241/Consultation_Paper_20012022.pdf
  4. https://cyberleninka.ru/article/n/faktory-riska-ispolzovaniya-kriptoaktivov-v-rossii-i-potentsial-dlya-ih-snizheniya
  5. https://www.morpher.com/ru/blog/crypto-sentiment-on-market-trends
  6. https://www.imf.org/ru/Publications/fandd/issues/2022/09/A-foundation-of-trust-Carsten-Frost-Shin
  7. https://cyberleninka.ru/article/n/perspektivy-ispolzovaniya-kriptovalyut-v-mirovoy-i-natsionalnoy-ekonomike
  8. https://econs.online/articles/opinions/chto-spros-na-razlichnye-vidy-kriptovalyut-mozhet-skazat-o-budushchem-deneg/
  9. https://www.rbc.ru/crypto/news/5b6997699a79473681b17881
  10. https://www.afjournal.ru/2019/3/global-finance/development-of-cryptoassets-ecosystem-new-trends
  1. https://yellow.com/ru/news/%D1%85%D0%B0%D0%BA%D0%B5%D1%80-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D0%B0%D0%BB-javascript-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D1%83-ripple-%D0%B4%D0%BB%D1%8F-xrp-%D0%B2-%D0%B0%D1%82%D0%B0%D0%BA%D0%B5-%D0%BD%D0%B0-%D1%86%D0%B5%D0%BF%D0%BE%D1%87%D0%BA%D1%83-%D0%BF%D0%BE%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D0%BA
  2. https://www.bitrue.com/ru/blog/ripple-executive-issues-warning-as-talks-of-xrp-wallet
  3. https://www.tadviser.ru/index.php/%D0%A1%D1%82%D0%B0%D1%82%D1%8C%D1%8F:%D0%9C%D0%BE%D1%88%D0%B5%D0%BD%D0%BD%D0%B8%D1%87%D0%B5%D1%81%D1%82%D0%B2%D0%BE_%D1%81_%D0%BA%D1%80%D0%B8%D0%BF%D1%82%D0%BE%D0%B2%D0%B0%D0%BB%D1%8E%D1%82%D0%BE%D0%B9
  4. https://cyberleninka.ru/article/n/kriptoindustriya-i-platezhnye-sistemy
  5. https://cyberleninka.ru/article/n/analiz-blokcheyn-tehnologii-osnovy-arhitektury-primery-ispolzovaniya-perspektivy-razvitiya-problemy-i-nedostatki
  6. https://aml.university/d/844tioCCL91oKA5vDZATJjwrb92DS9zXiUTv2kCX
  7. https://www.cbr.ru/collection/collection/file/32085/dib_2018_20190704.pdf
  8. https://www.bitget.com/ru/glossary/51—attack
  9. https://sergeytereshkin.ru/publications/novosti-kriptovalyut-na-19-maya-2025-rost-bitcoin-regulirovanie-i-tekhnologicheskie-apgreydy
  10. https://kitap.tatar.ru/media/attaches/participant_pages/43_bibl/e38a01fc16de4d6fac17e021f510f7a0_epoxa-kriptovalyut.pdf


— Aikido Security (April 2025)
— XRP Ledger Foundation
— Forklog, Xakep.ru, Coin Edition, Yellow.com (April 2025)
— CVE-2025-32965 security report
— Official XRP Ledger Foundation announcements on X platform (former Twitter)

  1. https://forklog.com/news/haker-attacked-vladeltsev-xrp-through-the-javascript-library
  2. https://xakep.ru/2025/04/24/xrpl-js-supply-chain-attack/
  3. https://opennet.ru/63145-npm
  4. https://cisoclub.ru/vredonosnyj-kod-v-xrp-ledger-sdk-ugroza-kiberbezopasnosti/
  5. https://prohoster.info/blog/novosti-interneta/zloumyshlenniki-smogli-vnedrit-bekdor-v-npm-paket-ot-razrabotchikov-kriptovalyuty-xpr
  6. https://cryptorank.io/news/feed/b7ff9-%D0%B2-%D0%BE%D1%84%D0%B8%D1%86%D0%B8%D0%B0%D0%BB%D1%8C%D0%BD%D0%BE%D0%BC-%D0%BF%D0%B0%D0%BA%D0%B5%D1%82%D0%B5-xrp-ledger-npm-%D0%BE%D0%B1%D0%BD%D0%B0%D1%80%D1%83%D0%B6%D0%B5%D0%BD-%D0%B1%D1%8D%D0%BA
  7. https://thehackernews.com/2025/04/ripples-xrpljs-npm-package-backdoored.html
  8. https://www.wellnews.ru/society/technology/53666-hakery-atakovali-xrp-ledger-ujazvimost-v-javascript-biblioteke-ugrozhala-koshelkam-polzovatelej.html
  9. https://trendtonext.com/company/news/ataka_na_tsepochku_postavok_vredonosnaya_versiya_xrpl_js_ugrozhala_koshelkam_xrp/
  10. https://yellow.com/ru/news/%D1%85%D0%B0%D0%BA%D0%B5%D1%80-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D0%B0%D0%BB-javascript-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D1%83-ripple-%D0%B4%D0%BB%D1%8F-xrp-%D0%B2-%D0%B0%D1%82%D0%B0%D0%BA%D0%B5-%D0%BD%D0%B0-%D1%86%D0%B5%D0%BF%D0%BE%D1%87%D0%BA%D1%83-%D0%BF%D0%BE%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D0%BA
  1. Xakep.ru, “Ripple’s recommended library xrpl.js compromised by supply chain attack,” April 2025.
  2. Yellow.com, “Hacker Breaks Ripple’s XRP JavaScript Library in Supply Chain Attack,” April 2025.
  3. SecurityLab, “Malware that steals cryptocurrency via POST requests discovered in official Ripple library,” April 2025.
  4. Binance.com, “XRP Ledger Foundation Urges Update Due to Potential Vulnerability,” April 2025.
  5. XRP Ledger Foundation, Official Blog and Security Report, April 2025.
  1. https://xakep.ru/2025/04/24/xrpl-js-supply-chain-attack/
  2. https://yellow.com/ru/news/%D1%85%D0%B0%D0%BA%D0%B5%D1%80-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D0%B0%D0%BB-javascript-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D1%83-ripple-%D0%B4%D0%BB%D1%8F-xrp-%D0%B2-%D0%B0%D1%82%D0%B0%D0%BA%D0%B5-%D0%BD%D0%B0-%D1%86%D0%B5%D0%BF%D0%BE%D1%87%D0%BA%D1%83-%D0%BF%D0%BE%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D0%BA
  3. https://www.itsec.ru/news/v-ofizialnoy-ripple-bibioteke-obanruzhen-vredonos-kradushiy-kriptovalutu-cherez-post-zaprosi
  4. https://trendtonext.com/company/news/ataka_na_tsepochku_postavok_vredonosnaya_versiya_xrpl_js_ugrozhala_koshelkam_xrp/
  5. https://www.binance.com/ru/square/post/04-22-2025-xrp-ledger-foundation-urges-update-due-to-potential-vulnerability-23276974125961
  6. https://xrpl.org/blog/2025/vulnerabilitydisclosurereport-bug-apr2025
  7. https://cisoclub.ru/vredonosnyj-kod-v-xrp-ledger-sdk-ugroza-kiberbezopasnosti/
  8. https://www.wellnews.ru/society/technology/53666-hakery-atakovali-xrp-ledger-ujazvimost-v-javascript-biblioteke-ugrozhala-koshelkam-polzovatelej.html
  9. https://www.binance.com/ru/square/post/23348524069090
  10. https://xakep.ru/tag/xrpl-js/
  • XRP Ledger Foundation and Aikido Security Blog, April 2025 1
  • Article on SecurityLab.ru about library hacking and secure release 4.2.5 2
  • GitHub Advisory and documentation for version 4.2.5 and secure key management recommendations 5
  • Review on Xakep.ru and other specialized resources, April 2025 6
  1. https://xrpl.org/blog/2025/vulnerabilitydisclosurereport-bug-apr2025
  2. https://www.securitylab.ru/news/558641.php
  3. https://opennet.ru/63145-npm
  4. https://nvd.nist.gov/vuln/detail/CVE-2025-32965
  5. https://github.com/advisories/GHSA-33qr-m49q-rxfx
  6. https://xakep.ru/2025/04/24/xrpl-js-supply-chain-attack/
  7. https://www.wellnews.ru/society/technology/53666-hakery-atakovali-xrp-ledger-ujazvimost-v-javascript-biblioteke-ugrozhala-koshelkam-polzovatelej.html
  8. https://ru.beincrypto.com/xrp-ledger-obzor-novostej/
  9. https://sergeytereshkin.ru/publications/novosti-kriptovalyut-na-19-maya-2025-rost-bitcoin-regulirovanie-i-tekhnologicheskie-apgreydy
  10. https://m.opennet.me/opennews/main.shtml?skip=60&news=open&template=mainnews&mid_lines=00&full_lines=15
  1. https://yellow.com/ru/news/%D1%85%D0%B0%D0%BA%D0%B5%D1%80-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D0%B0%D0%BB-javascript-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D1%83-ripple-%D0%B4%D0%BB%D1%8F-xrp-%D0%B2-%D0%B0%D1%82%D0%B0%D0%BA%D0%B5-%D0%BD%D0%B0-%D1%86%D0%B5%D0%BF%D0%BE%D1%87%D0%BA%D1%83-%D0%BF%D0%BE%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D0%BA
  2. https://xakep.ru/2025/04/24/xrpl-js-supply-chain-attack/
  3. https://forklog.com/news/haker-attacked-vladeltsev-xrp-through-the-javascript-library
  4. https://cisoclub.ru/kljuchi-v-chuzhih-rukah-hakery-obmanuli-npm/
  5. https://holder.io/ru/news/xrp-ledger-fixes-vulnerability-xrpl-js/
  6. https://elitetrader.ru/index.php?newsid=740110
  7. https://sergeytereshkin.ru/publications/novosti-kriptovalyut-na-19-maya-2025-rost-bitcoin-regulirovanie-i-tekhnologicheskie-apgreydy
  8. https://coinspot.io/news/breaking-news/xrp-hack-npm-backdoor/
  9. https://www.block-chain24.com/faq/v-chem-raznica-mezhdu-ripple-xrp-i-xrp-ledger
  10. https://cisoclub.ru/vredonosnyj-kod-v-xrp-ledger-sdk-ugroza-kiberbezopasnosti/
  1. https://xakep.ru/2025/04/24/xrpl-js-supply-chain-attack/
  2. https://holder.io/ru/news/xrp-ledger-fixes-vulnerability-xrpl-js/
  3. https://forklog.com/news/haker-attacked-vladeltsev-xrp-through-the-javascript-library
  4. https://www.binance.com/ru/square/post/04-22-2025-xrp-ledger-foundation-urges-update-due-to-potential-vulnerability-23276974125961
  5. https://minfin.com.ua/2025/04/23/149547730/
  6. https://yellow.com/ru/news/%D1%85%D0%B0%D0%BA%D0%B5%D1%80-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D0%B0%D0%BB-javascript-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D1%83-ripple-%D0%B4%D0%BB%D1%8F-xrp-%D0%B2-%D0%B0%D1%82%D0%B0%D0%BA%D0%B5-%D0%BD%D0%B0-%D1%86%D0%B5%D0%BF%D0%BE%D1%87%D0%BA%D1%83-%D0%BF%D0%BE%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D0%BA
  7. https://cisoclub.ru/vredonosnyj-kod-v-xrp-ledger-sdk-ugroza-kiberbezopasnosti/
  8. https://opennet.ru/63145-npm
  9. https://www.wellnews.ru/society/technology/53666-hakery-atakovali-xrp-ledger-ujazvimost-v-javascript-biblioteke-ugrozhala-koshelkam-polzovatelej.html
  10. https://cryptochan.net/stream/id/1745508913/
  1. https://xakep.ru/2025/04/24/xrpl-js-supply-chain-attack/
  2. https://forklog.com/news/haker-attacked-vladeltsev-xrp-through-the-javascript-library
  3. https://yellow.com/ru/news/%D1%85%D0%B0%D0%BA%D0%B5%D1%80-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D0%B0%D0%BB-javascript-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D1%83-ripple-%D0%B4%D0%BB%D1%8F-xrp-%D0%B2-%D0%B0%D1%82%D0%B0%D0%BA%D0%B5-%D0%BD%D0%B0-%D1%86%D0%B5%D0%BF%D0%BE%D1%87%D0%BA%D1%83-%D0%BF%D0%BE%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D0%BA
  4. https://www.binance.com/ru/square/post/04-22-2025-xrp-ledger-foundation-urges-update-due-to-potential-vulnerability-23276974125961
  5. https://minfin.com.ua/2025/04/23/149547730/
  6. https://xrpl.org/blog/2025/vulnerabilitydisclosurereport-bug-apr2025
  7. https://www.wellnews.ru/society/technology/53666-hakery-atakovali-xrp-ledger-ujazvimost-v-javascript-biblioteke-ugrozhala-koshelkam-polzovatelej.html
  8. https://holder.io/ru/news/backdoor-xrpl-js-security-risk/
  9. https://opennet.ru/63145-npm
  10. https://dropscapital.com/news/15264
  1. https://financefeeds.com/ru/ripples-xrp-ledger-%D1%81%D0%B8%D0%B3%D0%BD%D0%B0%D0%BB%D0%B8%D0%B7%D0%B8%D1%80%D1%83%D0%B5%D1%82-%D0%BE-%D0%BA%D1%80%D0%B8%D1%82%D0%B8%D1%87%D0%B5%D1%81%D0%BA%D0%BE%D0%BC-%D0%B1%D1%8D%D0%BA%D0%B4%D0%BE%D1%80%D0%B5-%D0%B2-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D0%B5-javascript/
  2. https://www.block-chain24.com/news/novosti-bezopasnosti/fond-xrp-ledger-obnaruzhil-bekdor-dlya-krazhi-kriptovalyut-v-oficialnoy
  3. https://forklog.com/news/haker-attacked-vladeltsev-xrp-through-the-javascript-library
  4. https://www.wellnews.ru/society/technology/53666-hakery-atakovali-xrp-ledger-ujazvimost-v-javascript-biblioteke-ugrozhala-koshelkam-polzovatelej.html
  5. https://bitexpert.io/news/haker-atakoval-vladeltsev-monet-xrp/
  6. https://www.moneytimes.ru/news/zloumyshlennik-skomprometiroval-steki-sdk/47643/
  7. https://xakep.ru/2025/04/24/xrpl-js-supply-chain-attack/
  8. https://yellow.com/ru/news/%D1%85%D0%B0%D0%BA%D0%B5%D1%80-%D0%B2%D0%B7%D0%BB%D0%BE%D0%BC%D0%B0%D0%BB-javascript-%D0%B1%D0%B8%D0%B1%D0%BB%D0%B8%D0%BE%D1%82%D0%B5%D0%BA%D1%83-ripple-%D0%B4%D0%BB%D1%8F-xrp-%D0%B2-%D0%B0%D1%82%D0%B0%D0%BA%D0%B5-%D0%BD%D0%B0-%D1%86%D0%B5%D0%BF%D0%BE%D1%87%D0%BA%D1%83-%D0%BF%D0%BE%D1%81%D1%82%D0%B0%D0%B2%D0%BE%D0%BA
  9. https://www.ukr.net/ru/news/details/technologies/110896583.html
  10. https://elitetrader.ru/index.php?newsid=740110

By