In a recent social media post, Peter Todd, the prominent Canadian Bitcoin developer who was identified as the likeliest Satoshi Nakamoto candidate in a 2024 HBO documentary, slammed Ripple after a backdoor was spotted in the JavaScript library used for the XRP Ledger (XRPL).
Todd recalled that he had warned about such a vulnerability a decade ago.
As reported by U.Today, Ripple CTO David Schwartz recently warned about malicious code in the library that was initially spotted by Aikido Security. The backdoor made it possible to send private keys to a suspicious domain, which essentially allows attackers to steal the private keys of those who use the compromised versions of the XRPL software development kit (SDK).
Earlier, Todd published a paper claiming that Ripple's security could be compromised because the company did not provide a cryptographic PGP signature verifying its code. This would potentially make it possible for hackers to inject malicious code and distribute a fake version of the software. Ironically, the same kind of attack ended up materializing a decade later, with an NPM compromise resulting in the malicious backdoor.
Notably, Schwartz admitted that Schwartz's warning was true "at that time" in February.
At the same time, Todd has admitted that his own software library is not PGP signed because the Python Package Index (PyPI) stopped supporting such downloads.
"In fairness, at the moment, my python-bitcoinlib library isn't PGP signed for most users because PyPi made the idiotic decision to phase out PGP signatures. But my hands are tied on that; the entire software industry is incompetent," he said.