The XRP Ledger Foundation has confirmed it patched a critical vulnerability discovered in a not-yet-activated amendment to Ripple’s XRP Ledger, preventing what could have been a major exploit.
On Feb. 19, security engineer Pranamya Keshkamat from Cantina, along with Cantina’s AI security bot, identified what was described as a “critical logic flaw” in the ledger’s signature-validation process, according to a statement released Thursday.
The issue, found in a batch amendment to the signature validation code, could have allowed an attacker to submit fraudulent transactions from victim accounts — including draining funds — without access to their private keys.
However, the foundation emphasized that the amendment was still in its voting phase and had not been activated on mainnet, meaning no user funds were put at risk.
Beyond the risk of fund theft and unauthorized changes to the ledger’s state, the XRP Ledger Foundation warned that exploitation of the flaw could also have significantly destabilized the broader ecosystem.
“A successful large-scale exploit could have caused substantial loss of confidence in XRPL, with potentially significant disruption for the broader ecosystem.”
Hari Mulackal, CEO of Cantina and Spearbit, said the flaw was detected by the company’s autonomous bug-hunting system, Apex.
“Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk,” he said, likely referencing the market capitalization of XRP.
Rise of AI-powered cybersecurity scanners
Cantina’s AI security platform identified the vulnerability through static analysis of the rippled codebase and submitted a responsible disclosure report, enabling Ripple engineers to verify the issue and begin deploying a fix.
Validators were urged to vote against the amendment, and an emergency software update — rippled 3.1.1 — was released on Feb. 23 to prevent the amendment from activating, according to the XRP Ledger Foundation.
The incident highlights the growing role of artificial intelligence in cybersecurity, where automated tools are increasingly used to uncover software vulnerabilities that human reviewers might miss.
On Feb. 20, Anthropic launched Claude Code Security, an AI-driven vulnerability scanner it claims can “reason like a skilled security researcher,” a development that reportedly weighed on shares of publicly listed IT security firms.
