A critical supply chain vulnerability tracked as CVE-2025-32965 has been uncovered in the popular JavaScript library xrpl.js, used to interact with the XRP Ledger. Malicious versions were uploaded to NPM and designed to exfiltrate wallet seeds and private keys to an attacker-controlled server, enabling theft of users’ funds. These versions did not match official GitHub releases raising red flags and contained hidden backdoors inserted through both TypeScript and compiled JavaScript code.
What’s new on HivePro
Get through updates and upcoming events, and more directly in your inbox