Written by Martin Young,Contributor
Reviewed by Felix Ng,Staff EditorXRPL Foundation patches ‘critical' flaw that almost made it to mainnet
44 minutes agoThe AI bug hunter scanned the Ripple blockchain codebase to catch the vulnerability before it was deployed, enabling engineers to patch it.
Cointelegraph in your social feed
Subscribe on Join ourXRP Ledger Foundation has confirmed it has patched a critical vulnerability found in an yet-to-be-enabled amendment of Ripple’s XRP Ledger, averting a potentially major exploit.
On February 19, a security engineer at cybersecurity firm Cantina, Pranamya Keshkamat, and the Cantina AI security bot identified a “critical logic flaw” in the signature-validation logic of Ripple’s blockchain, XRP Ledger, reported the XRP Ledger Foundation on Thursday.
The vulnerability in the signature validation code batch amendment would have allowed an attacker to execute transactions from victim accounts, including draining funds, without ever having the victim’s private keys.
“The amendment was in its voting phase and had not been activated on mainnet; no funds were at risk,” stated the XRPLF.
Exploitation may have destabilized the ecosystem
In addition to the potential theft of funds and modification of the ledger state, the vulnerability could have “destabilized the ecosystem,” the XRPLF said.
“A successful large-scale exploit could have caused substantial loss of confidence in XRPL, with potentially significant disruption for the broader ecosystem.”
Related: Cybersecurity stocks fall after Anthropic unveils Claude Code Security
Cantina and Spearbit CEO Hari Mulackal said, “our autonomous bug hunter, Apex, found this critical bug.”
“Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk,” he added, possibly referring to XRP (XRP) market capitalization.
Emergence of AI cybersecurity scanners
The autonomous AI security tool developed by Cantina AI identified the vulnerability via “static analysis of the rippled codebase,” and submitted a disclosure report allowing the Ripple engineering teams to validate it and begin patching the code.
Validators were advised to vote against the amendment, and an emergency release (rippled 3.1.1) was published on Feb. 23 to block the amendment from activating, stated the XRPLF.
AI is increasingly being deployed for cybersecurity purposes to sniff out code bugs that may be overlooked by human eyes.
Anthropic released Claude Code Security, its AI cybersecurity vulnerability scanner, which it claims “can reason like a skilled security researcher” on Feb. 20, causing a slide in public IT security company shares.
Magazine: AI won’t make you rich but crypto games might, Axie founder steps down: Web3 Gamer
Cointelegraph is committed to independent, transparent journalism. This news article is produced in accordance with Cointelegraph’s Editorial Policy and aims to provide accurate and timely information. Readers are encouraged to verify information independently. Read our Editorial Policy https://cointelegraph.com/editorial-policy
