
An AI security tool has uncovered a severe vulnerability in a proposed XRP Ledger (XRPL) upgrade that could have led to significant fund losses if left undetected.
According to a recent disclosure by XRPL Labs, the flaw was identified before the amendment went live, prompting swift intervention from developers and validators to halt activation and deploy emergency safeguards.
Key Points
- Attackers could have drained funds on the XRP Ledger due to a bug in the network’s proposed Batch Amendment.
- Security researcher Pranamya Keshkamat, aided by the AI auditing tool Apex, identified the flaw before the amendment was approved.
- Developers quickly released a fix to turn off the vulnerable feature and prevent exploitation.
- XRPL Labs has adopted AI-assisted audits to detect similar logic errors across the codebase.
Vulnerability Could Have Resulted in Loss of Funds on XRPL
Specifically, the vulnerability affected XRPL’s proposed Batch amendment. Security researcher Pranamya Keshkamat and Apex, an AI auditing tool developed by Cantina AI, discovered the flaw on February 19, 2026.
Using static code analysis, their investigation revealed a critical logic error in the validation of batch transaction signers. The flaw could have enabled attackers to move funds from victim accounts without requiring their private keys.
How the Flaw Worked
For context, batch transactions bundle multiple actions into one operation, allowing users to authorize the entire batch with approved signers.
However, a loop error caused the system to prematurely approve a batch when it encountered a signer linked to a newly created account. Consequently, the system skipped verification of the remaining signers, creating a path for forged approvals.
An attacker could have exploited this by first creating a new account within the batch, then adding a minor transaction, and finally inserting a payment that drains a victim’s crypto assets, including XRP. Since the new account did not yet exist during validation, the system would have incorrectly approved the entire batch, enabling the unauthorized transfer.
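The loop error described above, shown as an added example that is not taken from the article or from the rippled code base: a simplified C++ model in which the premature approval is assumed to be an early return inside the signer loop, next to the corrected loop. The Signer and Ledger types, the function names and the "key:" + account stand-in for key ownership are hypothetical, and the sample batch is constructed.

```cpp
// Simplified model of the signer-check loop; not rippled code, names are hypothetical.
#include <iostream>
#include <map>
#include <string>
#include <vector>

struct Signer {
    std::string account;     // account this entry claims to authorize
    std::string signingKey;  // key that actually produced the signature
};
using Ledger = std::map<std::string, std::string>;  // account -> authorized key

// Assumption: an account not yet on the ledger can only be authorized by its
// own master key, modelled here as the string "key:" + account.
static bool authorized(const Ledger& ledger, const Signer& s) {
    auto it = ledger.find(s.account);
    const std::string expected = (it == ledger.end()) ? "key:" + s.account : it->second;
    return s.signingKey == expected;
}

// Flawed pattern: a valid signer for a not-yet-created account ends the loop
// with success, so the signers after it are never checked.
bool checkSignersFlawed(const Ledger& ledger, const std::vector<Signer>& signers) {
    for (const auto& s : signers) {
        if (!authorized(ledger, s)) return false;
        if (ledger.find(s.account) == ledger.end()) return true;  // BUG: early approval
    }
    return true;
}

// Corrected pattern: success is reported only after every signer has passed.
bool checkSignersFixed(const Ledger& ledger, const std::vector<Signer>& signers) {
    for (const auto& s : signers)
        if (!authorized(ledger, s)) return false;
    return true;
}

// Constructed sample data: "victim" exists; "newacct" is created inside the batch.
Ledger sampleLedger() { return {{"victim", "key:victim"}}; }
std::vector<Signer> mismatchedBatch() {
    return {{"newacct", "key:newacct"},  // valid entry for the new account
            {"victim", "key:newacct"}};  // victim entry signed with the wrong key
}

int main() {
    std::cout << "flawed: " << checkSignersFlawed(sampleLedger(), mismatchedBatch())
              << ", fixed: " << checkSignersFixed(sampleLedger(), mismatchedBatch()) << "\n";
}
```

A regression test for this class of bug places the invalid signer after the entry that triggers the special case, since a test with the invalid signer first passes against both loops.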
Developers Implement Immediate Fix
After confirming the flaw with a proof-of-concept, Ripple’s engineering team urged validators on the Unique Node List (UNL) to vote against the amendment. Additionally, developers released rippled 3.1.1 to disable the affected features.
They have since removed the flawed logic, strengthened authorization checks, and introduced a corrected upgrade, BatchV1_1, which is now under review. An official release date for the new upgrade has not yet been announced.
Beyond the immediate fix, XRPL Labs has integrated AI-assisted audits into its standard review process and expanded static analysis to catch similar errors across the codebase.
Ultimately, the early detection highlights AI’s growing role in protecting blockchain infrastructure and demonstrates how proactive safeguards can stop severe exploits before deployment.
Disclaimer: This content is informational and should not be considered financial advice. The views expressed in this article may include the author’s personal opinions and do not reflect The Crypto Basic’s opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.
