Ripple CTO Praises Xaman As Ledger CTO Advises Caution After NPM Supply-Chain Attack Could Redirect XRP Funds

• Xaman completed an immediate audit and found no compromise to its wallet.

• Malicious NPM packages targeted browser wallets by silently swapping recipient addresses.

• Industry figures including David Schwartz and Charles Guillemet urged vigilance; audits and hardware signing reduce risk.

Xaman wallet NPM supply chain attack: Xaman swiftly audited its app after NPM malware targeted crypto wallets; learn steps to verify packages and protect funds now.

What happened in the Xaman wallet NPM supply chain attack?

The Xaman wallet NPM supply chain attack involved a compromised NPM developer account that allowed malicious code to propagate into widely used JavaScript packages. These malicious packages attempted to target browser-based cryptocurrency wallets by replacing or redirecting recipient addresses, exposing users who rely on unverified packages or unsigned transactions.

How did Xaman respond to the supply‑chain incident?

The Xaman team initiated an immediate internal audit and public alert to users. Their review found no evidence of Xaman client compromise, and they advised users on verification steps. David Schwartz (CTO, Ripple) publicly praised Xaman’s fast reaction and transparent communication.

Why do NPM supply‑chain attacks target crypto wallets?

Attackers exploit the trust model of package managers: small changes in trusted packages can be distributed widely and executed in users’ environments. Malware focused on crypto wallets automates address swapping or clipboard manipulation to redirect funds to attacker addresses, particularly affecting less experienced users.

How should users protect funds after a supply‑chain compromise?

Follow immediate verification and protection steps: pause nonessential on‑chain transactions if you lack clear hardware signing; verify package checksums and maintain up‑to‑date software; use hardware wallets with explicit signing flows for large transfers.

David Schwartz, chief technology officer at Ripple, praised Xaman for its swift handling of the incident. A reputable developer’s NPM account was compromised, and multiple JavaScript packages were found to contain malicious code that targeted browser wallets.

The malware specifically targeted popular crypto wallets by intercepting or swapping recipient addresses to redirect funds. This technique preys on users who do not verify transaction details or who rely on unsigned browser prompts.

As reported by COINOTAG, Ledger CTO Charles Guillemet recommended that users without hardware wallets offering clear, on‑device signing temporarily avoid on‑chain transactions until the ecosystem confirms package integrity.

What did Xaman’s audit conclude?

Xaman’s team performed an expedited security audit and confirmed that the official Xaman release had not been compromised. The wallet team also published recommended verification steps and urged users to update only via official channels and to validate package signatures where available.

XRPL Labs co‑founder Wietse Wind noted that supply‑chain attacks are increasing in frequency, highlighting the need for stronger package signing and dependency hygiene across the JavaScript ecosystem.

How can developers and users verify packages?

Developers should adopt reproducible builds, digital signatures and lockfiles. Users should verify checksums, prefer signed releases, and avoid installing unvetted packages. Regular dependency audits and minimal third‑party package usage reduce exposure.

Frequently Asked Questions

Did Xaman’s wallet actually get compromised?

Xaman’s expedited audit found no signs of compromise to official wallet builds. The incident involved infected NPM packages from a compromised developer account; Xaman’s releases remained secure after verification.

Should I stop transacting on‑chain right now?

Ledger CTO Charles Guillemet advised that users without hardware wallets supporting explicit on‑device signing consider pausing on‑chain transactions until package integrity is confirmed. Prioritize hardware signing for high‑value transfers.

How can you secure your wallet after a supply‑chain attack? (Step‑by‑step)

Follow these practical, prioritized steps to reduce risk and verify client integrity.

1. Pause on‑chain transactions if you do not have hardware signing for critical transfers.
2. Verify the wallet build checksum or signature against the publisher’s official release notes.
3. Update the wallet only from official channels and re‑install from verified binaries if in doubt.
4. Use a hardware wallet with explicit on‑device signing for all significant transactions.
5. Audit installed dependencies and remove unused or untrusted packages.

Key Takeaways

• Immediate audit matters: Xaman’s fast audit limited user exposure and clarified safety.
• Supply‑chain risk is real: Malicious NPM packages can silently target wallet flows and address fields.
• Protective actions: Verify signatures, use hardware wallets, and prefer signed releases for crypto operations.

Conclusion

The Xaman wallet NPM supply chain attack underscores the growing threat of dependency‑level malware in the JavaScript ecosystem. Xaman‘s prompt audit and community notifications reduced uncertainty, while experts including David Schwartz and Charles Guillemet urged caution. Users should verify builds, adopt hardware signing, and follow official guidance from wallet teams to protect funds.

Published by COINOTAG on 2025-09-08. Last updated 2025-09-08.