Peter Todd Slams Ripple After Major XRP Ledger Security Breach

Peter Todd, a Canadian Bitcoin developer once featured in an HBO documentary as a possible candidate for Satoshi Nakamoto, has reignited criticism of Ripple (XRP)

Canadian Bitcoin developer Peter Todd has slammed Ripple (XRP) after a serious vulnerability was found in a JavaScript library used by the XRP Ledger (XRPL).

The vulnerability was first flagged by Aikido Security and later acknowledged by Ripple CTO David Schwartz, sparking concern among members of the XRP community.

The issue, which involved malicious code being injected into Ripple’s official Node Package Manager (NPM) library, could have allowed attackers to steal private keys and drain XRP wallets.

However, the breach was quickly contained and patched by Ripple.

But Peter Todd, who was once featured in an HBO documentary as a possible candidate for Satoshi Nakamoto, took the opportunity to highlight a warning he had already shared a decade ago.

“10 years after I pointed out the risk of a Ripple backdoor due to Ripple not signing its software with PGP … there is a Ripple backdoor due to the NPM breach,” he wrote.

In a 2013 article, Todd had criticized Ripple for failing to verify software releases with PGP signatures or providing any method of authenticating downloaded software.

He warned at the time that such oversights could leave the door open for malicious actors to inject backdoors.

“It’s common practice for software to be signed with PGP to allow users to independently verify that the software they download has not been tampered with,” explained Todd.

“However, as far as I can tell, neither Ripple nor any other company that makes software for the XRP cryptocurrency signs its software releases with PGP or provides any other method for users to securely authenticate the software they download.”

This latest security lapse has sparked discussion among members of the crypto community on open-source supply chain security—a topic that has been a recurring point of concern.