ripple | Breaking Cybersecurity News | The Hacker News

The Ripple cryptocurrency npm JavaScript library named xrpl.js has been compromised by unknown threat actors as part of a software supply chain attack designed to harvest and exfiltrate users' private keys. The malicious activity has been found to affect five different versions of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The issue has been addressed in versions 4.2.5 and 2.14.3. xrpl.js is a popular JavaScript API for interacting with the XRP Ledger blockchain, also called the Ripple Protocol, a cryptocurrency platform launched by Ripple Labs in 2012. The package has been downloaded over 2.9 million times to date, attracting more than 135,000 weekly downloads. "The official XPRL (Ripple) NPM package was compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets," Aikido Security's Charlie Eriksen said . The malicious code changes have been found to be introduced by a...

Coincheck, a Tokyo-based cryptocurrency exchange, has suffered what appears to be the biggest hack in the history of cryptocurrencies, losing $532 million in digital assets (nearly $420 million in NEM tokens and $112 in Ripples ). In 2014, Mt Gox , one of the largest bitcoin exchange at that time, filed for bankruptcy after admitting it had lost $450 million worth of Bitcoins. Apparently, the cryptocurrency markets reacted negatively to the news, which resulted in 5% drop in Bitcoin price early this morning. In a blog post published today, the Tokyo-based cryptocurrency exchange confirmed the cyber heist without explaining how the tokens were stolen, and abruptly froze most of its services, including deposits, withdrawals and trade of almost all cryptocurrencies, except Bitcoin. Coincheck also said the exchange had even stopped deposits into NEM cryptocurrencies, which resulted in 16.5% drop in NEM coin value, as well as other deposit methods including credit cards. Durin...