 
 
The XRP Ledger Foundation has announced that it fixed a critical vulnerability in a pending amendment of Ripple’s XRP Ledger, preventing what could have been a significant security exploit.
On February 19, a security engineer at cybersecurity company Cantina, Pranamya Keshkamat, along with the Cantina AI security bot, discovered a “critical logic flaw” in the signature-validation process of Ripple’s XRP Ledger, the XRP Ledger Foundation reported Thursday.
The flaw could have enabled bad actors to initiate transactions from user accounts — including siphoning funds — without requiring access to the victims’ private keys.
The proposed “Batch” amendment (XLS-56) was still under voting and had not yet gone live on the XRP Ledger mainnet, meaning that no user funds were ever at risk or affected.
World’s “Largest Security Hack By Dollar Value”
According to the XRP Ledger Foundation, the vulnerability not only posed a risk of fund theft and ledger tampering but also had the potential to disrupt the stability of the entire ecosystem.
 
“A successful large-scale exploit could have caused substantial loss of confidence in XRPL, with potentially significant disruption for the broader ecosystem.”
The Batch amendment is designed to let several “inner” transactions be bundled together. These inner transactions remain unsigned to reduce processing power, with authorization handled by the outer batch’s designated signers. But, a critical loop error in the signer-calling mechanism created a significant security vulnerability.
If the system came across a signer linked to an account not yet present on the ledger, and the signing key matched that new account, it would instantly mark the validation as successful. The loop would then exit prematurely, bypassing critical validator checks. An attacker could have leveraged a particular sequence of batched transactions to exploit this flaw.
Cantina and Spearbit CEO Hari Mulackal noted in a post on X, “Great work by the @Ripple team on responding quickly to our disclosure, alerting the validators who promptly voted down the upgrade that was scheduled to go live on March.”
“Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk,” he added, perhaps referencing XRP’s current market cap.
The XRP Ledger Foundation reported that validators were instructed to vote down the amendment, and an emergency update (Rippled 3.1.1) was released earlier this week to prevent the amendment from being activated.