
XRPL Supply Chain Attack and How to Block it Using Cloudsmith’s Enterprise Policy Management

Blog post from Cloudsmith

Post Details
Company: Cloudsmith
Date Published:
Author: Ian Taylor
Word Count: 453
Language: English
Hacker News Points: -
Summary

The xrpl.js library, used to integrate the XRP Ledger with JavaScript/TypeScript applications, has been targeted in a malicious supply chain attack. The attackers introduced five fake versions of the library, which included a backdoor that could leak private keys and sign fraudulent transactions. Cloudsmith's Enterprise Policy Management (EPM) system detected the threat and blocked it by quarantining packages with affected versions, using its policy-as-code feature. This highlights the importance of using secure dependencies and keeping software up to date to prevent such attacks.