URGENT: Security Alert — Rotate Keys and Upgrade xrpl.js Immediately (Versions 4.2.1 - 4.2.4 Compromised)

xrpl-announce

Apr 22, 2025, 11:18:45 AM
to xrpl-announce

Hello all,

Versions 4.2.1, 4.2.2, and 4.2.4 of xrpl.js were compromised and contained malicious code designed to exfiltrate private keys. If you are using one of these versions, stop immediately and rotate any private keys or secrets used with affected systems. The XRP Ledger supports key rotation: https://xrpl.org/docs/tutorials/how-tos/manage-account-settings/assign-a-regular-key-pair

If any account's master key is potentially compromised, you should disable it: https://xrpl.org/docs/tutorials/how-tos/manage-account-settings/disable-master-key-pair

Please upgrade to version 4.2.5 of xrpl.js to use the rectified version of the software: https://www.npmjs.com/package/xrpl/v/4.2.5
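
To check whether a project resolved one of the affected releases, inspect its package-lock.json, including copies of xrpl nested under other dependencies. The following is an added example, not part of the original announcement or the xrpl.js project; it flags every version in the subject line's range 4.2.1 - 4.2.4 (the message body names 4.2.1, 4.2.2 and 4.2.4), and the sample lockfile and its package names are constructed.

```javascript
// Added example. Versions treated as affected: the full range named in the
// subject line (4.2.1 - 4.2.4); the message names 4.2.5 as the fixed release.
const AFFECTED = new Set(["4.2.1", "4.2.2", "4.2.3", "4.2.4"]);

// Return every installed copy of `xrpl` recorded in a parsed package-lock.json,
// including copies nested under other dependencies.
function findXrplInstalls(lock) {
  const found = [];
  if (lock.packages) {
    // lockfileVersion 2/3: flat map keyed by install path.
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (/(^|\/)node_modules\/xrpl$/.test(path) && meta.version) {
        found.push({ path, version: meta.version });
      }
    }
    return found;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, prefix) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = `${prefix}node_modules/${name}`;
      if (name === "xrpl" && meta.version) found.push({ path, version: meta.version });
      walk(meta.dependencies, `${path}/`);
    }
  };
  walk(lock.dependencies, "");
  return found;
}

// Parse lockfile text and mark each xrpl install as affected or not.
function auditLockfile(jsonText) {
  return findXrplInstalls(JSON.parse(jsonText)).map((install) => ({
    ...install,
    affected: AFFECTED.has(install.version),
  }));
}

// Constructed sample lockfile (hypothetical dependency names).
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "node_modules/xrpl": { version: "4.2.5" },
    "node_modules/payments-helper": { version: "1.0.0" },
    "node_modules/payments-helper/node_modules/xrpl": { version: "4.2.2" },
  },
});

for (const r of auditLockfile(SAMPLE_LOCK))
  console.log(`${r.affected ? "AFFECTED" : "ok"} xrpl@${r.version} at ${r.path}`);
```

Pass the text of a real package-lock.json to `auditLockfile`. A lockfile that is clean today does not show whether an affected version was installed earlier, so check the lockfile's version-control history as well.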
