The XRPL Foundation has confirmed the patching of a critical vulnerability identified in an amendment to Ripple’s XRP Ledger. The flaw, discovered by Cantina cybersecurity's AI bot and a security engineer, was located in the signature-validation logic.

This vulnerability could have allowed attackers to execute transactions from victim accounts and drain funds without the victims' private keys. However, the amendment had not yet been activated on the mainnet, meaning no funds were at risk. The XRPLF stated that a successful exploit could have destabilized the ecosystem and eroded confidence in the XRPL.

Cantina AI's autonomous bug hunter identified the flaw through static analysis of the codebase. Validators were instructed to reject the amendment, and an emergency release, rippled 3.1.1, was issued to prevent its activation. The incident highlights the increasing role of AI in identifying complex code vulnerabilities.