Ripple's xrpl.js npm package was compromised in a supply chain attack, with malicious code added to steal private keys and access cryptocurrency wallets. The attack affected versions 4.2.1, 4.2.2, 4.2.3, 4.2.4, and 2.14.2, and was traced to a hacked npm account. Users are advised to update to versions 4.2.5 or 2.14.3 and rotate private keys to mitigate risks. The vulnerability has been assigned CVE-2025-32965 with a CVSS score of 9.3, highlighting its severity.