AI tool catches critical XRP Ledger bug that could have drained wallets

The vulnerability in the Batch amendment's signature validation was found during the voting phase and never reached mainnet, but the exploit path was severe enough that validators were immediately told to vote it down.

Make us preferred on Google

What to know:

• A critical bug in the XRP Ledger's pending Batch amendment could have allowed attackers to steal funds from any account without accessing private keys, but it was caught before activation.
• The flaw stemmed from a loop error in the batch-signature validation logic that let a malicious batch transaction bypass checks and move a victim's funds.
• Discovered by researcher Pranamya Keshkamat and Cantina AI's Apex tool, the vulnerability prompted validators to reject the amendment, led to an emergency rippled 3.1.1 release, and spurred XRPL Labs to adopt AI-assisted code audits.

An autonomous AI security tool caught a bug in the XRP Ledger that, if left undetected, could have let an attacker steal funds from any account on the network without ever touching the victim's private keys.

The vulnerability, disclosed Thursday by XRPL Labs, sat in the signature-validation logic of the Batch amendment, a pending upgrade that would allow multiple transactions to be bundled and executed together.

The amendment was still in its voting phase among validators and had not been activated on mainnet, meaning no funds were ever at risk. But the exploit path was about as bad as it gets for a blockchain.

Here's what the bug did in plain terms. Batch transactions let users bundle several operations into one. Because the individual transactions inside the batch don't carry their own signatures, the system relies on a list of batch signers to confirm that every account involved has authorized the bundle.

The validation function that checked those signers had a critical loop error. If it encountered a signer whose account didn't yet exist on the ledger, and whose signing key matched their own account — the normal case for a brand-new account — it immediately declared the entire check successful and stopped looking at the rest of the list.

An attacker could exploit this by constructing a batch with three transactions. The first creates a new account the attacker controls. The second is a simple transaction from that new account, making it a required signer. The third is a payment from the victim's account to the attacker.

Because the new account doesn't exist yet when validation runs, the signer check exits early after the first entry and never verifies the second. The victim's funds move without their keys ever being involved.

Pranamya Keshkamat and Cantina AI's autonomous security tool Apex identified the flaw through static analysis of the codebase on Feb. 19 and submitted a responsible disclosure. Ripple's engineering team validated the report the same evening with an independent proof-of-concept.

The response was fast. Validators on the network's Unique Node List were immediately advised to vote "No" on the amendment.

An emergency release, rippled 3.1.1, was published on Feb. 23, marking both the Batch and the related fixBatchInnerSigs amendments as unsupported to prevent them from ever activating. A corrected replacement called BatchV1_1 has been built and is under review, with no release date set.

The fact that an AI tool found this is notable on its own.

XRPL Labs said it would add AI-assisted code audit pipelines as a standard step in its review process going forward, alongside expanded static analysis specifically designed to catch the kind of premature loop exits that caused this bug.

More For You

Vitalik Buterin reveals his bold new plan to fix Ethereum’s scaling problem

The new post reflects Buterin’s renewed focus on scaling Ethereum’s base layer, after several years in which much of the ecosystem’s scaling strategy centered on layer-2 rollups.

What to know:

• Ethereum co-founder Vitalik Buterin has outlined a new scaling roadmap that boosts Ethereum’s near-term capacity while preparing for a longer-term shift to advanced cryptography and data-heavy “blobs.”
• In the short term, upcoming upgrades like "Glamsterdam" and "ePBS" aim to let nodes check blocks more efficiently and use more of each 12-second slot, so Ethereum can safely fit more transactions into each block.
• Longer term, Buterin proposes making permanent data storage more expensive, relying more on zero-knowledge proofs and blobs, to increase throughput without turning Ethereum into a network that only large, well-funded operators can afford to run.

Bitcoin slides to $65,000 in weekend sell-off, with solana, XRP, dogecoin down 6%

35 minutes ago

U.S. Senate Democrats asked Treasury, DOJ to probe Binance's illicit finance controls

6 hours ago

Coinbase’s head of litigation says states are 'gaslighting' on prediction markets

7 hours ago

Citi and Morgan Stanley expand bitcoin and crypto custody, trading and tokenization efforts

9 hours ago

Bitcoin's rebound cancelled as U.S. stocks fall, gold surges, amid mounting macro risks

11 hours ago

Vitalik Buterin reveals his bold new plan to fix Ethereum’s scaling problem

12 hours ago

Bitcoin ETF holders and treasury firms stack protection against price crash below $60,000, Deribit says

22 hours ago

The worst may lie ahead. Bitcoin chart revisits historic pattern.

16 hours ago

Barclays looks for tech provider for new blockchain settlement engine: Bloomberg

12 hours ago

Punters want crypto: UK Gambling Commission explores how to keep bettors on licensed sites

13 hours ago

U.S. regulator's GENIUS pitch casts dark cloud over crypto sector's stablecoin model

Feb 26, 2026

Germany's AllUnity issues regulated stablecoin tied to safe haven Swiss franc

18 hours ago