# Ripple NPM Package xrpl.js Targeted by Hackers with a Backdoor that Steals Private Keys
A recent security breach has exposed thousands of websites and apps that rely on the popular NPM package XRP Ledger (XRPL), leaving them vulnerable to crypto key theft and potential supply chain disruptions.
### The Breach
In late 2023, Ripple discovered five new packages added to the XRP Ledger repository on GitHub, which raised suspicions about the changes made to the code. Further analysis revealed that the malicious code communicated with a newly registered domain name, 0x9c.xyz, during the wallet creation process, allowing attackers to access private keys.
The compromised xrpl.js releases included versions 4.2.1 and 4.2.4. Ripple has since released new versions that mitigate the threat, including versions 4.2.5 and 2.14.3. Affected users are advised to move their assets immediately to new addresses.
### How the Attack Worked
The attackers added a method named checkValidityOfSeed() at the end of the file /src/index.ts in the compromised versions. The method sends the string it is given to the web address 0x9c.xyz/xcm, where attackers can store the retrieved data. It sends the data using an HTTP POST request and disguises it as a referral service to hide the activity from network monitoring scanners.
The checkValidityOfSeed() method allows attackers to steal private keys, mnemonics, and seeds. This backdoor puts users at risk of losing control over their cryptocurrency holdings.
### The Ripple Response
Ripple has assured users that the attack only affected the xrpl.js package and not the core repository for Ripple. They have advised developers to replace any infected versions as soon as possible and recommended rotating wallet addresses to prevent future attacks by malicious actors.
The XRP Ledger Foundation (XRPLF) is responsible for maintaining the xrpl.js library, which is an official package used to communicate with Ripple through JavaScript. The package is used widely, with an average of 140,000 downloads per week.
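
As an added example (not code from xrpl.js or from Ripple), the following Node.js check flags lockfile entries that pin xrpl to the versions this article names as compromised, and searches source text for the two indicators described under "How the Attack Worked". The function names are hypothetical, and the lockfile and source strings are constructed samples.

```javascript
// Added example: values below come from this article; samples are constructed.
const AFFECTED = new Set(["4.2.1", "4.2.4"]);            // compromised versions named above
const INDICATORS = ["checkValidityOfSeed", "0x9c.xyz"];  // method name and domain named above

// Return every xrpl entry in a parsed package-lock.json that is pinned to an affected version.
// Handles the flat "packages" map (lockfile v2/v3) and the nested "dependencies" tree (v1).
function findAffectedXrpl(lock) {
  const hits = [];
  if (lock.packages) {
    for (const [path, meta] of Object.entries(lock.packages)) {
      // Keys look like "node_modules/xrpl" or "node_modules/a/node_modules/xrpl".
      const name = path.split("node_modules/").pop();
      if (name === "xrpl" && AFFECTED.has(meta.version)) hits.push({ path, version: meta.version });
    }
    return hits;
  }
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${trail}/${name}`;
      if (name === "xrpl" && AFFECTED.has(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path); // transitive copies matter as much as direct ones
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Return which indicators appear in a file's text (e.g. a bundled or vendored copy of xrpl).
function findIndicators(source) {
  return INDICATORS.filter((needle) => source.includes(needle));
}

// Constructed sample data (hypothetical project, not taken from any real lockfile).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", version: "1.0.0" },
    "node_modules/xrpl": { version: "4.2.5" },
    "node_modules/pay-widget/node_modules/xrpl": { version: "4.2.4" },
  },
};
const sampleSource = "function checkValidityOfSeed(seed) { /* body omitted */ }";

for (const hit of findAffectedXrpl(sampleLock)) {
  console.log(`affected: ${hit.path} @ ${hit.version} (move to a fixed release, rotate keys)`);
}
console.log("indicators found:", findIndicators(sampleSource));
```

To audit a real project, pass `JSON.parse(fs.readFileSync("package-lock.json", "utf8"))` to `findAffectedXrpl` and run `findIndicators` over the files under `node_modules/xrpl` and any bundled build output.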
### A Cautionary Tale
Coinbase suffered a similar attack in March when attackers targeted their open-source AgentKit. However, Coinbase was able to foil the attack and prevent any damage to its supply chain.
The recent security breach highlights the importance of keeping software up-to-date and using reputable sources for dependencies. Developers are advised to be vigilant and take proactive measures to protect themselves against similar attacks in the future.
### Market Update
Ripple has recently experienced significant gains in the American market, following the SEC's settlement with the crypto company. The change in American regulation has allowed the Ripple network to expand its business practices and focus on innovation.
The XRP price has increased by around 300% since Trump's inauguration. Ripple has similar price dynamics, in terms of volatility, to other coins like Stellar and TRON, which may be due to overlapping remittance markets.
There is now a push to release an XRP ETF (Exchange-Traded Fund). Coinbase further released an XRP futures market on its derivatives platform, announcing the change on April 21.