🚨 JUST IN: Peter Todd, a Canadian Bitcoin developer once spotlighted in an HBO documentary as a possible identity behind Satoshi Nakamoto, has stirred fresh debate around Ripple. His criticism comes after a vulnerability was found in a JavaScript library tied to the $XRP https://t.co/Qo8XzSEx6f
10 years after I pointed out the risk of a Ripple backdoor due to Ripple not PGP signing their software or providing any other way to get it securely... there's a Ripple backdoor due to an npm compromise. 😂 https://t.co/5Z3x68KeB5 https://t.co/IkR3sG3pfd
Ripple NPM supply chain attack hunts for private keys https://t.co/rVy8SHXoi0
The XRP Ledger Foundation identified a serious vulnerability in the official JavaScript library (xrpl.js) used to interact with the XRP Ledger blockchain. On April 21, a malicious actor compromised the software development kit (SDK) stack by inserting a backdoor into the JavaScript library, a supply chain attack that targeted XRP holders. Security experts at Aikido Security and other cybersecurity analysts confirmed the breach, which aimed to hunt for private keys through the compromised Ripple NPM package. In response, the XRP Ledger Foundation upgraded the code repository to remove the compromised version. The incident has reignited criticism from Bitcoin developer Peter Todd, who had previously warned about Ripple’s lack of secure software signing practices, highlighting ongoing concerns about Ripple’s software security.