The XRP Ledger (XRPL) is implementing a multi-layered security framework as it expands into decentralized finance through the Lending Protocol (XLS-66) and Single Asset Vault (XLS-65) upgrades, according to RippleX Head of Engineering Ayo Akinyele. In late 2025, RippleX partnered with Immunefi to launch a public Attackathon with a $200,000 RLUSD reward pool, drawing over 130 security researchers who analyzed nearly 35,500 lines of C and C++ code and identified dozens of valid vulnerabilities that were resolved before further deployment. The expanded security approach combines formal verification, multiple independent audits, AI-assisted analysis, validator reviews, fuzz testing, community testing, bug bounty programs, and adversarial security exercises to address the broader attack surface introduced by native lending and borrowing functionality.
XRPL Implements Multi-Layered Security Framework for DeFi Protocol Upgrades
RippleX is strengthening its security approach as XRPL expands beyond payments into native lending, borrowing, and institutional-grade DeFi capabilities. The Lending Protocol (XLS-66) and Single Asset Vault (XLS-65) introduce lending and borrowing functionality directly into the ledger, expanding the network's attack surface and requiring a higher standard of testing and validation.
Akinyele stated that security cannot rely on a single audit or final review, but must be built through continuous testing, independent verification, and multiple layers of defense. This defense-in-depth approach recognizes that no single security measure is sufficient on its own. By combining different review processes, RippleX aims to reduce the risk of consensus failures, economic exploits, and unexpected interactions between new features.
The need for stronger security practices comes as AI-powered tools accelerate vulnerability discovery and make advanced attacks more accessible. In response, RippleX has shifted security further into the development process, focusing on finding weaknesses before applications are deployed.
Immunefi Attackathon Identifies Dozens of Vulnerabilities in XRPL Codebase
The Lending Protocol and Single Asset Vault became the first XRPL amendments to undergo the expanded security framework. In late 2025, RippleX partnered with Immunefi to launch a public Attackathon with a $200,000 RLUSD reward pool, opening XRPL's codebase to security researchers worldwide.
More than 130 researchers analyzed nearly 35,500 lines of C and C++ code, submitting hundreds of reports. After review, dozens of valid vulnerabilities were identified, including critical issues that were resolved before further deployment progress.
Additional testing uncovered risks that traditional reviews could have missed. AI-powered red-team exercises revealed vulnerabilities involving incorrect system assumptions, potential spam attacks, and node stability risks. Independent researchers also identified a vault-related attack scenario that could have affected user funds, allowing RippleX engineers to address the issue before activation.
Community Testing and Validator Reviews Validate XRPL Protocol Upgrades
Community-driven testing strengthened confidence in the upgrades. XRPL Commons conducted hundreds of test cases across transaction types and adversarial scenarios, achieving full validation success. Validator testing and extensive fuzzing added further layers of assurance.
For RippleX, the security framework establishes a new benchmark for future XRPL upgrades, where major features undergo overlapping layers of scrutiny rather than relying on isolated reviews. As the XRP Ledger evolves from a payments-focused blockchain into a platform capable of supporting advanced financial infrastructure, this security-first approach is becoming a core part of its development strategy.
FAQ
What is the XRPL Attackathon and when was it launched?
The XRPL Attackathon is a public security testing program launched by RippleX in partnership with Immunefi in late 2025. It offered a $200,000 RLUSD reward pool and attracted over 130 security researchers who analyzed nearly 35,500 lines of C and C++ code in the XRP Ledger codebase, identifying dozens of valid vulnerabilities that were resolved before further deployment.
What are XLS-66 and XLS-65 in the XRP Ledger?
XLS-66 is the Lending Protocol and XLS-65 is the Single Asset Vault, two major XRPL upgrades that introduce lending and borrowing functionality directly into the ledger. These amendments were the first to undergo RippleX's expanded multi-layered security framework, which includes formal verification, multiple independent audits, AI-assisted analysis, validator reviews, fuzz testing, community testing, bug bounty programs, and adversarial security exercises.
How many vulnerabilities were found during XRPL security testing?
Dozens of valid vulnerabilities were identified during the Attackathon and additional testing phases, including critical issues resolved before further deployment progress. AI-powered red-team exercises revealed vulnerabilities involving incorrect system assumptions, potential spam attacks, and node stability risks, while independent researchers identified a vault-related attack scenario that could have affected user funds.
