XRP Ledger Foundation patches critical signature bug in amendment
The XRP Ledger Foundation said it has fixed a critical vulnerability in a not-yet-enabled amendment to Ripple’s XRP Ledger, preventing a potential exploit before it could reach mainnet.
On Feb. 19, Pranamya Keshkamat, a security engineer at cybersecurity firm Cantina, and the Cantina AI security bot flagged a “critical logic flaw” in the XRP Ledger’s signature-validation logic, the foundation reported on Thursday.
The flaw, in the signature-validation code of the batch amendment, could have allowed an attacker to submit transactions from victim accounts — including draining funds — without access to victims’ private keys. “The amendment was in its voting phase and had not been activated on mainnet; no funds were at risk,” the XRPLF said.

Potential impact on the ecosystem
Beyond the risk of unauthorized fund transfers and ledger state changes, the XRPLF said the issue could have “destabilized the ecosystem.” It added, “A successful large-scale exploit could have caused substantial loss of confidence in XRPL, with potentially significant disruption for the broader ecosystem.”
Cantina and Spearbit CEO Hari Mulackal said, “Our autonomous bug hunter, Apex, found this critical bug.” He added, “Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk,” possibly referring to XRP’s market capitalization.

AI-driven security scanning
Cantina AI’s autonomous security tool identified the issue through “static analysis of the rippled codebase” and submitted a disclosure report, enabling Ripple’s engineering teams to validate the finding and begin remediation.
Validators were advised to vote against the amendment, and an emergency release (rippled 3.1.1) was issued on Feb. 23 to prevent the amendment from activating, according to the XRPLF.
AI is being adopted more widely in cybersecurity to detect code vulnerabilities that may be missed by humans. On Feb. 20, Anthropic introduced Claude Code Security, an AI vulnerability scanner it says “can reason like a skilled security researcher,” a launch that coincided with declines in shares of several public IT security companies.
