XRP Ledger

Ripple’s XRP Ledger Hit by Supply Chain Attack: Funds at Risk

A critical security breach has rocked Ripple’s XRP Ledger (XRPL) blockchain, potentially exposing users to significant losses. The attack highlights vulnerabilities in blockchain ecosystems and raises questions about Ripple’s security practices.

Malicious Code Compromises XRPL Software

On Monday evening, a hacker compromised the XRPL Node Package Manager (npm) package, a vital piece of software for developers using Ripple’s public blockchain. The breach was flagged by crypto security firm Aikido, which discovered that the attacker had embedded malicious code into the software.

The infected package, reportedly downloaded over 140,000 times last week, posed a grave risk to “hundreds of thousands of applications and websites,” according to Charlie Eriksen, an Aikido security researcher.

Ripple’s Swift Response

The compromised software was replaced with a secure version on Tuesday afternoon, less than 24 hours after the breach. However, the full impact remains unclear, as Ripple has yet to issue a formal statement.

XRPL is Ripple’s blockchain alternative to Ethereum and Solana, offering support for smart contracts and hosting over $80 million in DeFi deposits. Despite its growing popularity, this attack underscores the challenges of securing blockchain infrastructure.

How the Attack Unfolded

The hacker, identified as mukulljangid, uploaded five malicious versions of the XRPL software without corresponding updates on the XRPL GitHub repository—a clear red flag.
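The red flag described above, registry releases with no counterpart in the source repository, can be checked mechanically. The following is an added example, not code from Aikido or the XRPL project: it compares the `time` map of an npm registry packument against a list of git tags. The package name, versions, timestamps, tags and accepted tag formats are all constructed assumptions, and the one-hour burst window is an illustrative heuristic.

```javascript
// Added example: flag registry versions that have no matching tag in the source repo.
// Package name, versions, timestamps and tags below are constructed sample data.

// Shape follows the npm registry packument: `time` maps each version to its publish time.
const packument = {
  name: 'example-ledger-lib',
  time: {
    created: '2024-01-10T09:00:00.000Z',
    modified: '2025-01-02T21:40:00.000Z',
    '3.1.0': '2024-11-05T14:00:00.000Z',
    '3.2.0': '2024-12-12T10:30:00.000Z',
    '3.2.1': '2025-01-02T20:53:00.000Z',
    '3.2.2': '2025-01-02T21:05:00.000Z',
    '3.2.3': '2025-01-02T21:40:00.000Z',
  },
};

// Output of `git tag --list` in the upstream repository (constructed).
const gitTags = ['example-ledger-lib@3.1.0', 'v3.2.0', 'docs-2024'];

// Reduce a tag to its version; assumed formats: "1.2.3", "v1.2.3", "name@1.2.3".
function tagToVersion(tag, pkgName) {
  const rest = tag.startsWith(pkgName + '@') ? tag.slice(pkgName.length + 1) : tag;
  const m = /^v?(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$/.exec(rest);
  return m ? m[1] : null;
}

// Return published versions with no source tag, oldest first, with publish time.
function findUntaggedVersions(pkg, tags) {
  const tagged = new Set(tags.map((t) => tagToVersion(t, pkg.name)).filter(Boolean));
  return Object.entries(pkg.time)
    .filter(([key]) => key !== 'created' && key !== 'modified')
    .filter(([version]) => !tagged.has(version))
    .map(([version, published]) => ({ version, published }))
    .sort((a, b) => Date.parse(a.published) - Date.parse(b.published));
}

// Heuristic: two or more untagged releases that all fall inside one time window.
function untaggedBurst(findings, windowMs) {
  if (findings.length < 2) return false;
  const first = Date.parse(findings[0].published);
  const last = Date.parse(findings[findings.length - 1].published);
  return last - first <= windowMs;
}

const findings = findUntaggedVersions(packument, gitTags);
for (const f of findings) console.log(`UNTAGGED ${packument.name}@${f.version} published ${f.published}`);
console.log('burst within 1h:', untaggedBurst(findings, 60 * 60 * 1000));
```

In practice the packument would come from the registry's metadata endpoint for the package and the tag list from the upstream repository, with any untagged version held back from installation until it is explained.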

The malware was designed to steal private keys, which function like passwords for crypto wallets. If compromised, these keys allow hackers to siphon funds from wallets without permission.

“This was an active attack with multiple updates, indicating the hacker was refining their backdoor for maximum impact,” said Eriksen.

Ripple’s Security Under Scrutiny

This incident comes on the heels of a high-profile theft in January 2024, when Ripple co-founder Chris Larsen lost XRP tokens worth $112 million at the time. The stolen tokens, taken in a breach tied to LastPass, have since ballooned to $449 million in value after XRP’s price surged by 294% over the past year.

Aikido’s detection system, leveraging advanced language models, flagged the malicious code in real time. Yet the attack exposes systemic vulnerabilities, with 43.8% of last year’s stolen crypto attributed to private key compromises, according to Chainalysis.

Lessons for Blockchain Security

The breach raises urgent questions about the security protocols of Ripple and XRPL. While Ripple acted quickly to neutralise the threat, the incident underscores the critical need for robust monitoring systems and transparency in software updates.

As XRPL continues to grow, securing its ecosystem against sophisticated attacks like this will be vital to maintaining user trust and safeguarding funds.
