XRPL closes critical amendment vulnerability

The XRP Ledger Foundation said it has patched a critical vulnerability in a not-yet-enabled XRP Ledger amendment after a security engineer and an AI bug-hunting tool flagged a logic flaw that could have allowed attackers to submit transactions from victim accounts without needing private keys.

The Foundation said the issue was found in the signature-validation logic tied to the “Batch” feature set while the amendment was still in its voting phase and not activated on mainnet, meaning no user funds were at risk at the time of disclosure.

According to the Foundation’s description, the flaw could have enabled unauthorized execution of transactions from other accounts, including draining funds and modifying ledger state. The Foundation said a successful exploit at scale could have destabilized the ecosystem and damaged confidence in the network.

The vulnerability was identified on Feb. 19 by Pranamya Keshkamat, a security engineer at cybersecurity firm Cantina, alongside Cantina’s AI security bot, which the parties described as an autonomous bug hunter that surfaced the issue through static analysis of the rippled codebase.

Cantina and Spearbit CEO Hari Mulackal said the AI tool, Apex, found the bug and argued that if it had been exploited after activation it could have placed “nearly $80 billion” at direct risk, referencing XRP’s market value.

After the disclosure, the Foundation said validators were advised to vote against the amendment, and an emergency release, rippled 3.1.1, was published on Feb. 23 to prevent the amendment from activating. The XRP Ledger documentation now lists the Batch amendment as obsolete and warns it was disabled in v3.1.1 due to a bug, with a replacement planned in a future release.

The incident also put attention on the growing role of AI-assisted security scanning in crypto infrastructure. The Foundation’s update linked the detection to broader adoption of AI tools for finding bugs that may be missed in manual review, pointing to a wider push to automate parts of vulnerability discovery and triage.
