Ripple and Immunefi Launch $200K Attackathon to Test XRPL Lending Protocol Security
Ripple is partnering with security platform Immunefi to host an “Attackathon” aimed at stress-testing its new XRPL Lending Protocol, a decentralized finance system designed to offer fixed-term, uncollateralized loans on the XRP Ledger (XRPL). The event will reward participants up to $200,000 for identifying vulnerabilities in the protocol.
The Attackathon runs from October 27 to November 29, inviting white-hat hackers and security researchers to probe the protocol’s codebase before its official launch. Leading up to the bug hunt, Ripple is providing an “Attackathon Academy” from October 13 to October 27, featuring educational resources, walkthroughs, and Devnet environments to help researchers familiarize themselves with XRPL’s architecture.
Participants who discover valid exploits will unlock the full $200,000 reward pool, while $30,000 will be distributed to contributors who submit meaningful but non-critical findings.
The XRPL Lending Protocol, governed under XLS-66, takes a unique approach compared to conventional DeFi systems. It does not use smart contracts, wrapped assets, or on-chain collateral. Instead, credit assessments are performed off-chain, enabling financial institutions to apply their own risk models, with fund flows and repayments recorded directly on the ledger. Ripple positions the protocol as a bridge between traditional credit markets and on-chain finance, offering transparency while maintaining regulatory compliance. Institutions needing collateralized structures can still operate via licensed custodians or tri-party agreements, with the protocol functioning as the execution layer.
Security researchers will focus on areas that could compromise fund safety or protocol solvency, including vault logic, liquidation and interest calculations, and permissioned access controls. To qualify for rewards, bugs must be reproducible and accompanied by working proof-of-concepts.
The Attackathon will also evaluate related standards, including XLS-65 (single-asset vaults), XLS-33 (multi-purpose tokens), XLS-70 (credentials), and XLS-80 (permissioned domains), providing a comprehensive review of the protocol’s security framework.
About The Author
More Stories
Following RLUSD Debut, Ripple Broadens Custody Network Across Africa
Bitcoin’s October Weakness Conceals Resilience, Analysts Forecast Convergence With Gold
Asia Morning Update: QCP Attributes Market Momentum to Global Liquidity Over Fed Actions