XRP Ledger's new proposal blocks the flash loan attacks costing DeFi hundreds of millions
A draft XRPL amendment notes that flash loan attacks are "structurally impossible" on the network because of how its transactions are built, an architectural quirk that has spared the chain from the exploit class that has cost Ethereum DeFi billions.
By Shaurya Malwa May 31, 2026, 2:30 a.m. 3 min readMake preferred on
What to know:
- Recent DeFi exploits on protocols like Thorchain, Drift and KelpDAO have relied on flash loans, a mechanism that does not exist on the XRP Ledger.
- Because XRPL transactions are atomic and cannot include composable intra-transaction calls, flash loan attacks are structurally impossible on the network.
- As XRPL pursues AMM upgrades and its tokenized real-world asset volume grows, institutional investors may weigh this built-in exploit resistance against Ethereum’s deeper liquidity and more mature DeFi ecosystem.
The two biggest DeFi exploits of the past two months have one thing in common. They used a tool that does not exist on the XRP Ledger.
Thorchain lost roughly $10.8 million on May 15 to a cross-chain attack that drained funds across Bitcoin, Ethereum, BSC, and Base. Drift Protocol, a Solana-based decentralized perpetual exchange, and KelpDAO, a liquid restaking protocol on Ethereum, together accounted for more than $600 million in losses through April alone.
Cross-chain bridges have lost over $2.8 billion to attacks since 2021, per Chainalysis. And a significant share of these exploits used some variant of the same mechanic: flash loans.
A flash loan is a smart contract feature that lets a trader borrow millions of dollars with no collateral, on the condition that the loan is repaid inside the same transaction. The legitimate use cases include arbitrage between exchanges, collateral swaps without unwinding positions, and liquidation bots that maintain solvency in lending markets.
The attack pattern is the same mechanic pointed in the wrong direction.
A borrower takes out the loan, uses the funds to manipulate an oracle or drain a poorly designed pool, profits from the manipulation, and repays the loan, all before the transaction settles. If any step fails, the whole sequence rolls back, so the attacker risks nothing but gas fees.
The XRP Ledger does not let this work. A draft amendment filed on the XRPL standards repository earlier this week, proposing concentrated liquidity and StableSwap-style pools for the chain's native automated market maker, included a single line in its Security Considerations section: "Flash loan attacks are structurally impossible. XRPL transactions are atomic without composable intra-transaction calls."
What that means is that XRPL transactions either fully succeed or fully fail, like an Ethereum transaction. But unlike Ethereum, an XRPL transaction cannot call into another contract during its execution. The borrow-manipulate-repay sequence that defines a flash loan attack needs at least three nested operations inside a single transaction envelope.
That is a meaningful architectural choice, and it has a cost. Flash loans are not only an attack tool. They have become a structural component of Ethereum DeFi, with Aave, dYdX, and other major protocols offering them as a product. Arbitrage traders use flash loans to clear price differences between exchanges in a single atomic action.
Liquidation bots use them to keep over-collateralized lending positions solvent. Sophisticated DeFi users use them for collateral swaps that would otherwise require capital that gets tied up for hours. XRPL gives up all of that in exchange for closing the attack class entirely.
For most of XRPL's history, the tradeoff did not matter because the chain's DeFi footprint was small. That is changing. Tokenized real-world assets on the XRP Ledger have crossed $3 billion in total value, including the Ripple-JPMorgan-Mastercard-Ondo Finance pilot last month that processed a tokenized U.S. Treasury redemption in under five seconds.
The draft AMM amendment, if it passes, would close the capital-efficiency gap that has held XRPL DeFi behind Ethereum, opening the chain to a wider set of trading and yield strategies.
If the AMM amendment passes and XRPL's DeFi liquidity grows toward something institutional capital can deploy at scale, the question becomes whether structural exploit resistance is a real competitive advantage or just a feature that institutions ignore in favor of where the liquidity already is.
More For You
Bitcoin’s biggest quantum risk may not be wallet keys. An early investor fears something bigger
By Shaurya Malwa|Edited by Sam Reynolds21 hours ago
Andrew Gault, the venture capitalist who funded the quantum hardware labs now threatening bitcoin, says the industry is looking in the wrong place. Google's own security team moved in the same direction in March.
What to know:
- Security experts warn that the most urgent quantum threat to bitcoin and the broader financial system is not wallet keys but the encrypted authentication data already moving between institutions and being quietly harvested today.
- Adversaries are pursuing a “harvest now, decrypt later” strategy, stockpiling encrypted interbank messages, payment records and...
SEC sues Texas man over $12.3 million alleged crypto scheme built on fake AI trading bots
9 hours ago
U.S. says it seized about $1 billion in Iranian crypto as pressure campaign expands
11 hours ago
Wall Street’s trillion-dollar dilemma: Why AI-powered hackers are keeping big banks off the blockchain
12 hours ago
When the market is bad, we build: Inside Binance’s bold 2030 master plan
14 hours ago
Hyperliquid could become a ‘financial services juggernaut’ as DeFi expands, says Grayscale
14 hours ago
XRP ETFs add $35 million as bitcoin and ether funds lost $2 billion in late May
15 hours agoTop Stories
Bitcoin, ether, XRP, dogecoin lag a nine-week stocks rally as ETF demand cools
21 hours ago
U.S. CFTC opens crypto 'perp' door with first approvals at Kalshi, Coinbase
May 29, 2026
Bitcoin’s biggest quantum risk may not be wallet keys. An early investor fears something bigger
21 hours ago
What American crypto asset perpetuals mean for the future of crypto
May 29, 2026
