Aikido Security researcher Charlie Eriksen urged developers to assume that any private keys or seed phrases handled by xrpl.js versions 4.2.1–4.2.4 and 2.14.2 have been compromised
Claim
Quotes that support claims
"If you believe that you may have been impacted, it's important to assume that any seed or private key that was processed by the code has been compromised," Eriksen said. "Those keys should no longer be used, and any assets associated with them should be moved to another wallet/key immediately."
On April 22, blockchain security specialist Aikido said in a blog post that XRP Ledger’s open-source JavaScript library was “compromised by sophisticated attackers who put in a backdoor to steal cryptocurrency private keys and gain access to cryptocurrency wallets.”
Referenced by
Implications for users and developers
Crypto news
Data block
