The XRP Ledger Foundation has patched a critical vulnerability in an unactivated amendment to Ripple’s XRP Ledger, preventing a potential major exploit. A security engineer and an AI bot from cybersecurity firm Cantina identified the flaw, which could have allowed attackers to drain funds without private keys. The foundation confirmed no funds were at risk as the fix was deployed before activation, averting a crisis that could have destabilized the ecosystem and impacted nearly $80 billion in market value.
The XRP Ledger Foundation confirmed it patched a critical vulnerability discovered in a not-yet-enabled amendment. The flaw was identified on February 19 by a security engineer at Cybersecurity firm Cantina, Pranamya Keshkamat, and the Cantina AI security bot.
The vulnerability resided in the signature-validation logic and would have permitted unauthorized transactions, including fund draining. “The amendment was in its voting phase and had not been activated on mainnet; no funds were at risk,” the XRPLF stated.
In addition to potential theft, the exploit could have severely disrupted the network. The foundation reported that a large-scale attack might have caused substantial loss of confidence.
Cantina and Spearbit CEO Hari Mulackal noted their autonomous bug hunter, Apex, found the critical bug. “Had this been exploited, it would have been the largest security hack by dollar value in the world, with nearly $80 billion at direct risk,” he said.
The AI tool identified the flaw via static analysis of the codebase, enabling a swift patch. Validators were advised to vote against the amendment, and an emergency software release was published on February 23.
This event highlights the growing use of AI in cybersecurity to find code bugs. The deployment of such tools follows the recent release of Anthropic‘s Claude Code Security, an AI vulnerability scanner.

