Security has always been the top priority in the crypto world, but recently a serious security vulnerability was found in XRPL.JS, a major JavaScript library for the XRP Ledger, which posed a great threat to the safety of the network. The flaw was so dangerous that it could have compromised users' private keys and wallets.
According to recent news, CoinSwitch reports that Ripple is India's most bought and sold coin. Ripple has also overtaken large cryptocurrencies like Shiba Inu and Bitcoin.
What happened?
XRPL.JS is a popular JavaScript library used for connecting to and transacting on the XRP Ledger network. The library is maintained by the XRP Ledger Foundation, and Ripple also recommends it for working with the XRP blockchain.
Recently, a backdoor was found in versions 4.2.1 to 4.2.4 of this library. It was discovered by a blockchain security firm called Aikido Security. According to its report, attackers could use this backdoor to steal users' private keys and drain their wallets.
How did the backdoor work?
According to Charlie Eriksen, a researcher at Aikido Security, it was a sophisticated "supply chain attack". The attackers had hacked the NPM account of a Ripple employee, whose username is given as 'Mukulljangid'. They then put the backdoor code into the latest versions of the library.
The backdoor code sent users' private wallet seeds and mnemonics to an attacker-controlled domain (0x9c (.) XYZ). Most alarming was that many infected versions were released in a short time, which showed that the attackers were trying different ways to avoid detection.
What was the solution?
As soon as the backdoor was reported, the XRP Ledger Foundation and Ripple took immediate action. The malicious code was removed and all repositories of the library were updated with the latest security patch. In addition, users have been warned to stop using versions 4.2.1 to 4.2.4 immediately and either stay on an older version or move to a new patched version.
How big was the danger?
This attack could have been large in scale because the XRPL.JS library is downloaded more than 1.4 lakh times every week. If the backdoor had not been detected in time, funds could have been stolen from the wallets of thousands of users.
Conclusion
It is clear from this incident that security in the crypto world cannot be taken lightly. Both developers and users need to be careful. Thanks to timely action, a big loss was averted this time, but strict security measures will be required in future to prevent such attacks.