A significant hacker attempt targeting the security of the XRP Ledger ecosystem was successfully blocked, thanks to the swift action of security teams and the timely discovery of a vulnerability by an expert researcher.
The attempted attack involved a hacker trying to exploit a developer’s access token to insert malicious code into one of the key libraries used for interacting with the XRP ledger: xrpl.js. Had the attack succeeded, it could have led to a widespread supply chain attack, potentially jeopardizing hundreds of thousands of applications and websites that rely on this widely-used JavaScript library.
Aikido Security’s Vital Role in Detecting the Threat
The threat was first detected by Charlie Eriksen, a researcher at Aikido Security, who identified unusual activity on April 21st. Through their monitoring system, Aikido Security found five suspicious versions of the xrpl.js package published on the popular Node Package Manager (NPM) platform, used for distributing JavaScript packages.
The hacker had gained access to the NPM token of one of the developers and used it to publish compromised versions of the library: v4.2.1, v4.2.2, v4.2.3, v4.2.4, and v2.14.2. These versions contained malicious code designed to steal private keys, putting cryptocurrency wallets at risk.
xrpl.js records over 140,000 downloads weekly and is integrated into numerous applications and online services. According to Eriksen, if the malicious code had gone unnoticed for longer, the damage could have been catastrophic.
The XRP Ecosystem Remains Unscathed
Fortunately, key platforms within the XRP ecosystem, such as Xaman Wallet and XRPScan, confirmed that they were not affected by the malicious versions, as they had not used the compromised releases. The risk was limited to third-party applications that had inadvertently installed the malicious versions during the brief period before the issue was detected and addressed.
The XRP Ledger Foundation quickly responded to the threat by declaring the compromised versions as obsolete and releasing a fixed update: xrpl.js v4.2.5. Developers were urged to update their projects to ensure the security of the entire ecosystem.
The Foundation also clarified that the main XRP Ledger source code and its associated GitHub repository were not impacted by the attack, as the vulnerability was confined solely to the external JavaScript library.
Investigation Ongoing, but Author Remains Unknown
Although the immediate threat has been neutralized, the identity of the hacker remains unknown. Aikido Security has indicated that it is actively investigating possible leads related to the incident.
Meanwhile, experts emphasize the importance of strengthening security practices, especially around the management of access tokens and the distribution of software packages, to prevent similar attacks in the future.
XRP Price Rises Despite the Incident
Surprisingly, the market response to the attack has been notably resilient. The price of XRP saw an 8.5% increase over the past 24 hours, aligning with a broader bullish trend across the cryptocurrency market. This suggests that investor confidence in XRP’s infrastructure has not been significantly impacted by the security breach.
Ripple Settles Legal Dispute with the SEC
In addition to the security scare, XRP also reached a significant milestone in its long-standing legal battle with the U.S. Securities and Exchange Commission (SEC). After more than four years of litigation, Ripple Labs and the SEC have reached a settlement.
The conflict began in December 2020 when the SEC accused Ripple of conducting an unregistered securities offering through the sale of XRP tokens, amounting to over $1.3 billion. Ripple has consistently maintained that XRP is a digital currency, not a security.
In July 2023, District Judge Analisa Torres issued a mixed ruling, determining that Ripple’s institutional sales of XRP violated securities laws, while public market sales did not. As a result, Ripple was ordered to pay a $125 million civil penalty.
Final Settlement Brings Clarity
In March 2025, Ripple and the SEC reached a final settlement. Ripple will pay $50 million, while the remaining $75 million penalty will be returned to the company. Both parties have agreed to drop their respective appeals, bringing an end to the legal saga.
This agreement is seen as a key moment for the cryptocurrency industry, establishing an important legal precedent for the regulation of digital assets in the U.S.
A Turning Point for XRP
The combination of successfully fending off the cyber attack and settling the legal dispute with the SEC marks a crucial moment for the future of XRP. The rapid, coordinated response to the security threat demonstrates the strength and maturity of the ecosystem’s security infrastructure, while the resolution of the legal case provides much-needed regulatory clarity.
In a market where trust is paramount, XRP has successfully navigated two significant challenges, solidifying its position in both bullish and bearish cryptocurrency environments.