Key Takeaways:
- XRP Ledger Foundation disclosed a major backdoor vulnerability in a widely used JavaScript library, posing a high-risk supply chain threat.
- The affected library has been swiftly removed, and key XRP ecosystem platforms confirmed they were not compromised.
- Despite the security scare, XRP price rose over 3.5% on April 22, buoyed by market confidence and favorable regulatory developments.
The XRP Ledger Foundation has uncovered a major security issue in a widely used JavaScript library designed to interface with the XRP Ledger blockchain.
According to blockchain security firm Aikido, the library was compromised by attackers who inserted a backdoor to steal private keys and gain unauthorized access to cryptocurrency wallets.
For users of the 2.14.x branch we've just published an updated npm package to remove the previously compromised version. If you’re using the 2.14.x branch, please update to 2.14.3 immediately: https://t.co/ZgCiSPf8px
— XRP Ledger Foundation (Official) (@XRPLF) April 22, 2025
While the blockchain itself was not affected, the compromised package is integrated into hundreds of thousands of applications and websites, raising concerns of a large-scale supply chain attack.
The Foundation responded swiftly, removing the compromised version from its code repository.
Several major platforms in the XRP ecosystem — including XRPScan and First Ledger — confirmed they were not impacted.
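To act on the Foundation's notice, a project needs to know whether any copy of the library in its dependency tree, including copies pulled in transitively, is still on the 2.14.x branch below 2.14.3. The following check is an added example, not code from the Foundation or Aikido; it assumes the npm package name is `xrpl` (the article does not name it) and runs over a constructed sample of a `package-lock.json` in lockfile version 2 or 3 format.

```javascript
// Added example, not code from the XRP Ledger Foundation or Aikido.
const PACKAGE = "xrpl";   // assumption: npm name of the library; the article does not name it
const FIXED = [2, 14, 3]; // fixed release for the 2.14.x branch, from the notice above

// Parse "major.minor.patch", ignoring any pre-release or build suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// True only for a 2.14.x install older than 2.14.3. Other branches are out of
// scope here because the article gives no fixed version for them.
function needsUpdate(version) {
  const p = parseVersion(version);
  if (!p) return false;
  return p[0] === FIXED[0] && p[1] === FIXED[1] && p[2] < FIXED[2];
}

// Walk the "packages" map of a lockfileVersion 2/3 package-lock.json.
// Keys are install paths such as "node_modules/a/node_modules/xrpl", so
// nested (transitive) copies are found as well as the top-level one.
function findStaleInstalls(lock) {
  const hits = [];
  for (const [installPath, meta] of Object.entries(lock.packages || {})) {
    const name = installPath.split("node_modules/").pop();
    if (name === PACKAGE && meta && needsUpdate(meta.version)) {
      hits.push({ path: installPath, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile; every package name except "xrpl" is made up.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-wallet", version: "1.0.0" },
    "node_modules/xrpl": { version: "2.14.3" },
    "node_modules/payments-sdk/node_modules/xrpl": { version: "2.14.1" },
    "node_modules/@example/xrpl": { version: "2.14.0" }, // different (scoped) package
    "node_modules/ledger-tools/node_modules/xrpl": { version: "2.13.0" },
  },
};

console.log(findStaleInstalls(SAMPLE_LOCK));
```

For a real project, pass the parsed contents of its own `package-lock.json` to `findStaleInstalls`; an empty result means no 2.14.x copy below 2.14.3 is locked.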
Despite the alarming news, XRP’s market value rose over 3.5% on April 22, showing investor confidence.
The XRP Ledger, launched in 2012, continues to see growing institutional adoption, especially amid a favorable U.S. regulatory climate.
Following the election of a crypto-supportive president, XRP’s price surged over 300%.
Additionally, Coinbase has introduced XRP futures on its U.S. derivatives platform, and several asset managers have proposed XRP-based ETFs to the SEC, reflecting increased institutional interest in the asset.