The Ripple digital currency npm JavaScript library known as xrpl.js has been breached by unidentified malicious entities in a software supply chain assault aimed at gathering and removing users’ confidential keys.
This harmful activity has been discovered to impact five distinct iterations of the package: 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2. The problem has been resolved in versions 4.2.5 and 2.14.3.