XRPL Foundation Fixes Critical Flaw That Nearly Hit Mainnet

By Kevin GiorginFebruary 27, 2026 at 6:49 AMEdited by Josh Sielstad2 min read
FacebookTwitterTelegramSubscribe

What to Know

  • $80 billion in XRP was potentially at direct risk from a critical signature-validation flaw in an unenabled XRP Ledger amendment
  • Cantina AI's autonomous bug hunter Apex and security engineer Pranamya Keshkamat identified the vulnerability on February 19
  • An emergency release, rippled 3.1.1, was published on February 23 to block the flawed amendment from activating
  • The amendment remained in its voting phase and was never activated on mainnet, meaning no funds were lost

The XRPL Foundation confirmed on Thursday that it patched a critical vulnerability in an unenabled amendment to the XRP Ledger, averting what could have been a catastrophic exploit. On February 19, security engineer Pranamya Keshkamat at cybersecurity firm Cantina and the Cantina AI security bot identified a "critical logic flaw" in the signature-validation logic of Ripple's blockchain, according to the XRPL Foundation.

What Was the Critical XRPL Vulnerability?

The flaw in the XRP Ledger's batch amendment signature-validation code could have allowed an attacker to execute transactions from victim accounts — including draining funds — without ever possessing the victim's private keys. The amendment was still in its voting phase and had not been activated on mainnet, so no funds were at risk, the XRPL Foundation stated.

In addition to potential theft of funds and modification of ledger state, the vulnerability could have "destabilized the ecosystem," the XRPL Foundation warned.

Cantina AI's Autonomous Bug Hunter Catches the Flaw

The autonomous AI security tool developed by Cantina AI, known as Apex, identified the vulnerability through static analysis of the rippled codebase and submitted a disclosure report, enabling Ripple's engineering team to validate it and begin patching. Cantina and Spearbit CEO Hari Mulackal confirmed that "our autonomous bug hunter, Apex, found this critical bug."

"Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk," Mulackal said in a statement, possibly referencing XRP's market capitalization.

Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk.

— Hari Mulackal, CEO of Cantina and Spearbit

Emergency Patch and Validator Response

Validators were advised to vote against the amendment, and an emergency release — rippled 3.1.1 — was published on February 23 to block the amendment from activating, stated the XRPL Foundation. The turnaround from discovery to patch deployment took just four days.

How Is AI Reshaping Blockchain Security?

AI is increasingly being deployed for cybersecurity purposes to catch code bugs that human eyes may overlook. Anthropic released Claude Code Security, its AI cybersecurity vulnerability scanner, on February 20, claiming it "can reason like a skilled security researcher." That announcement triggered a dip in publicly traded IT security company shares, underscoring the broader industry shift toward automated threat detection across blockchain and traditional systems.

TopicsLatest NewsCryptocurrencyBitcoin
Daily Newsletter

Stay ahead of the market.

Crypto news and analysis delivered every morning. Free.

More from Bitcoinomist

Browse Latest NewsResearch Reports →Live Prices →

About the Author

KG
Kevin Giorgin

Senior Analyst

Kevin Giorgin is an award-winning crypto journalist with over five years of experience covering Bitcoin, DeFi, and blockchain technology at Bitcoinomist.

View all contributors
Google News

Follow bitcoinomist.io on Google News to receive the latest news about blockchain, crypto, and web3.

Follow us on Google News
Disclosure: This article does not represent investment advice. The content and materials featured on this page are for educational purposes only.