ChainCatcher message, according to monitoring by the crypto security research organization Aikido Security, the official XRPL NPM package has been found to have a security vulnerability. This backdoor program steals user private keys and sends them to the attacker. The affected versions are 4.2.1 to 4.2.4, and Aikido Security recommends that users on earlier versions refrain from upgrading.