The vulnerability was initially flagged by Aikido Security and later acknowledged by Ripple CTO David Schwartz, sparking renewed concern around software security in the XRP ecosystem.
NPM Breach Exposes XRP Wallets to Key Theft
The issue stems from malicious code injected into Ripple’s official Node Package Manager (NPM) library—code that could potentially allow attackers to steal private keys and drain XRP wallets.
While Ripple responded quickly to mitigate the breach, the situation drew sharp criticism from Peter Todd, who revisited a warning he issued over a decade ago.
“10 years after I pointed out the risk of a Ripple backdoor due to Ripple not signing its software with PGP… there is a Ripple backdoor due to the NPM breach,” Todd posted.
A Long-Standing Concern Over Code Verification
In a past article, Todd had criticized Ripple for failing to verify software releases with PGP signatures or to provide any other secure method of authenticating downloaded software. He warned at the time that such oversights could let malicious actors inject backdoors—a prediction that now seems eerily accurate.
This latest security lapse has renewed debates around open-source supply chain security, a recurring issue in crypto, where decentralized networks depend heavily on trusted code distribution and verified updates.
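One concrete form of the "verified updates" the paragraph above refers to is the integrity hash npm records for every package in package-lock.json, which lets an installer detect a tarball that no longer matches what was pinned. The following is an added example, not code from the article or from Ripple; the package names, the registry URL and the tarball bytes are constructed placeholders, and the lockfile fragment only mirrors the layout of a package-lock.json v3 file.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample data: stand-ins for a package tarball as published and a
# tampered copy of it. Real npm tarballs are gzipped tar archives; raw bytes
# are enough to show the check.
PUBLISHED_TARBALL = b"fake-tarball-contents-of-example-pkg-1.0.0"
TAMPERED_TARBALL = PUBLISHED_TARBALL + b"\n/* injected code */"


def compute_sri(data: bytes, algo: str = "sha512") -> str:
    """Return a Subresource Integrity string ("<algo>-<base64 digest>"),
    the format npm stores in the lockfile's "integrity" field."""
    digest = hashlib.new(algo, data).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def verify_sri(data: bytes, expected: str) -> bool:
    """Check fetched bytes against a pinned SRI value. Unknown or malformed
    algorithms are rejected instead of silently passing; the comparison is
    constant-time."""
    algo, sep, _ = expected.partition("-")
    if sep != "-" or algo not in ("sha256", "sha384", "sha512"):
        raise ValueError(f"unsupported or malformed integrity value: {expected!r}")
    return hmac.compare_digest(compute_sri(data, algo), expected)


# Constructed lockfile fragment modeled on the package-lock.json v3 layout.
# "example-pkg" and "unpinned-pkg" are placeholder names, not real packages.
LOCKFILE = json.dumps({
    "lockfileVersion": 3,
    "packages": {
        "node_modules/example-pkg": {
            "version": "1.0.0",
            "resolved": "https://registry.example/example-pkg/-/example-pkg-1.0.0.tgz",
            "integrity": compute_sri(PUBLISHED_TARBALL),
        },
        "node_modules/unpinned-pkg": {
            "version": "2.3.1",
            "resolved": "https://registry.example/unpinned-pkg/-/unpinned-pkg-2.3.1.tgz",
            # no "integrity" field: nothing for the installer to verify against
        },
    },
})


def audit_lockfile(lockfile_json: str, fetched: dict) -> dict:
    """Map each lockfile package path to "ok", "MISMATCH", "UNPINNED" or
    "NOT_FETCHED". `fetched` maps package path -> tarball bytes retrieved."""
    lock = json.loads(lockfile_json)
    report = {}
    for path, entry in lock["packages"].items():
        if not path:  # the empty key is the root project in v2/v3 lockfiles
            continue
        expected = entry.get("integrity")
        if not expected:
            report[path] = "UNPINNED"
            continue
        data = fetched.get(path)
        if data is None:
            report[path] = "NOT_FETCHED"
            continue
        report[path] = "ok" if verify_sri(data, expected) else "MISMATCH"
    return report


if __name__ == "__main__":
    print(audit_lockfile(LOCKFILE, {"node_modules/example-pkg": PUBLISHED_TARBALL}))
    print(audit_lockfile(LOCKFILE, {"node_modules/example-pkg": TAMPERED_TARBALL}))
```

The check only catches a tarball that differs from the one pinned when the lockfile was written. A freshly installed or upgraded package whose compromised release is the one being pinned passes it, which is why an independent signal such as a maintainer signature on the release, the verification step Todd argued for, is needed on top of lockfile hashes.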
What This Means for XRP Holders
While the vulnerability appears to have been caught in time, Todd’s commentary has sparked broader questions about Ripple’s security practices and the industry’s need for tighter software verification standards.
As the value of digital assets continues to climb, so too does the importance of ensuring airtight development practices. The situation serves as a stark reminder: even mature blockchain ecosystems remain vulnerable to software supply chain threats.
The post Peter Todd Slams Ripple After Major XRP Ledger Security Breach appeared first on Coindoo.