XRP Ledger SDK Hit by Supply Chain Attack Through Malicious NPM Packages

The XRP Ledger SDK has been the target of a supply chain attack through malicious versions of its NPM package. These versions stole private keys. Users are advised to update their packages. The attack targeted versions 1.5.0 and 1.6.0 of the xrpl package, which contained a backdoor allowing attackers to steal users' private keys. Users are strongly encouraged to update to version 1.7.0 or later to protect themselves.