📢 Live Market News: Loading news...

AI Tool Helps Avert Critical XRP Ledger Security Flaw


The XRP Ledger Foundation has confirmed that it has patched a critical vulnerability discovered in a not-yet-enabled modification of Ripple’s XRP Ledger, averting a potentially major exploit.

On February 19, security engineer at cybersecurity firm Cantina, Pranamya Kashkamat, and security bot Cantina AI discovered a “serious logic flaw” in the signature validation logic of Ripple’s blockchain, the XRP Ledger, the XRP Ledger Foundation reported on Thursday.

The vulnerability in modifying a signature verification code batch would have allowed an attacker to execute transactions from victims’ accounts, including draining funds, without obtaining the victim’s private keys.

“The amendment was in the voting stage and had not been activated on the mainnet; no funds were at risk,” XRPLF said.

source: XRP Ledger Foundation

Exploitation may have destabilized the ecosystem

In addition to the potential theft of funds and modification of the ledger state, the vulnerability could have “destabilized the ecosystem,” XRPLF said.

“A successful large-scale exploit could have caused a significant loss of trust in XRPL, with the potential for significant disruption to the broader ecosystem.”

Related to: Cybersecurity stocks fall after Anthropic unveils Claude Code Security

“Apex, our independent bug hunter, discovered this critical bug,” said Hari Mulakkal, CEO of Cantina and Spearbit.

“Had this been exploited, this would have been the largest security breach in dollar terms in the world, with approximately $80 billion directly at risk,” he added, perhaps referring to the market capitalization of XRP.

The emergence of AI cybersecurity scanners

An independent AI security tool developed by Cantina AI identified the vulnerability through “static analysis of the Ripple code base,” and provided a detection report that allows Ripple’s engineering teams to validate it and begin patching the code.

Validators were advised to vote against the amendment, and an emergency statement (Ripple 3.1.1) was published on February 23 to prevent the amendment from taking effect, XRPLF said.

Artificial intelligence is increasingly being deployed for cybersecurity purposes to detect software errors that might be overlooked by the human eye.

Anthropic released CloudCode Security, an AI-based cybersecurity vulnerability scanner that it claims “can think like a skilled security researcher” on February 20, causing shares of the public IT security company to fall.

magazine: Artificial Intelligence Won’t Make You Rich, But Cryptocurrency Games Might Do, Axie Founder Steps Down: Web3 Gamer