$XRP Ledger Foundation has confirmed it has patched a critical vulnerability found in an yet-to-be-enabled amendment of Ripple’s $XRP Ledger, averting a potentially major exploit.
On February 19, a security engineer at cybersecurity firm Cantina, Pranamya Keshkamat, and the Cantina AI security bot identified a “critical logic flaw” in the signature-validation logic of Ripple’s blockchain, $XRP Ledger, reported the $XRP Ledger Foundation on Thursday.
The vulnerability in the signature validation code batch amendment would have allowed an attacker to execute transactions from victim accounts, including draining funds, without ever having the victim’s private keys.
“The amendment was in its voting phase and had not been activated on mainnet; no funds were at risk,” stated the XRPLF.
Source: $XRP Ledger Foundation
Exploitation may have destabilized the ecosystem
In addition to the potential theft of funds and modification of the ledger state, the vulnerability could have “destabilized the ecosystem,” the XRPLF said.
“A successful large-scale exploit could have caused substantial loss of confidence in XRPL, with potentially significant disruption for the broader ecosystem.”
Related: Cybersecurity stocks fall after Anthropic unveils Claude Code Security
Cantina and Spearbit CEO Hari Mulackal said, “our autonomous bug hunter, Apex, found this critical bug.”
“Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk,” he added, possibly referring to $XRP ($XRP) market capitalization.
Emergence of AI cybersecurity scanners
The autonomous AI security tool developed by Cantina AI identified the vulnerability via “static analysis of the rippled codebase,” and submitted a disclosure report allowing the Ripple engineering teams to validate it and begin patching the code.
Validators were advised to vote against the amendment, and an emergency release (rippled 3.1.1) was published on Feb. 23 to block the amendment from activating, stated the XRPLF.
AI is increasingly being deployed for cybersecurity purposes to sniff out code bugs that may be overlooked by human eyes.
Anthropic released Claude Code Security, its AI cybersecurity vulnerability scanner, which it claims “can reason like a skilled security researcher” on Feb. 20, causing a slide in public IT security company shares.
Magazine: AI won’t make you rich but crypto games might, Axie founder steps down: Web3 Gamer