Ripple's official xrpl.js package was compromised, exposing DeFi wallets to potential private key theft.